Overview

The objective of this lab is for students to gain first-hand experience with the remote DNS cache poisoning attack, also called the Kaminsky DNS attack. DNS (Domain Name System) is the Internet's phone book; it translates hostnames to IP addresses and vice versa. This translation is done through DNS resolution, which happens behind the scenes. DNS Pharming attacks manipulate this resolution process in various ways, with the intent of misdirecting users to alternative destinations, which are often malicious. This lab focuses on a particular DNS Pharming attack technique, called the DNS Cache Poisoning attack.

In another SEED Lab, we have designed activities to conduct the same attack in a local network environment, i.e., the attacker and the victim DNS server are on the same network, where packet sniffing is possible. In this remote attack lab, packet sniffing is not possible, so the attack becomes much more challenging than the local attack.

Lab Tasks

  • Update Notice: This lab description was newly updated on . If this update happened in the middle of your assignment, you can always get the old version from . The old version will be phased out soon.
  • VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time

  • Supervised situation (e.g. a closely-guided lab session):
  • Unsupervised situation (e.g. take-home project):

Videos (New)

Files that are Needed

  • Zone Files for DNS Setup
    • Zone file for domain example.com: example.com.zone
    • Zone file for domain attacker32.com: attacker32.com.zone
    • Note: If you choose different IP addresses or domain names, you need to modify the above configuration and zone files accordingly.
  • The skeleton C code attack.c

Suggested Reading

SEED Labs

SEED Books

SEED Lectures