mrbaselier Posted March 7, 2018

Hello everyone,

Today I have been playing with the SpoofDNS feature of the Packet Squirrel (payload 2). I noticed the following:

- Redirection of spoofed URL works fine
- Internet works fine
- Internal resources by DNS name are not accessible (but can be pinged)

This almost never causes problems on a private PC but might cause problems on a company network. The user is able to access the internet but can no longer access internal websites. For example, we host a ticket system on the network (tickets.company.nl) which, for example, was no longer accessible. All other internet DNS queries were resolved OK.

SpoofDNS is standard on NAT network mode. This is fine. The client thus receives an IP address from the Packet Squirrel. The client first performs a DNS lookup at the Packet Squirrel and the Packet Squirrel routes it to the spoofed IP if the requested DNS name is on the spoof list. If the name does not appear on the spoof list, I assume that the Packet Squirrel routes the client traffic through the company's DNS server. But I do not think that is the case because the internal resources are no longer available. Which DNS server does the Packet Squirrel use? And is there a fix so that internal resources can be reached?

I have already tried to change the network mode to BRIDGE. Then internal resources can be reached again, but logically the spoofing does not work because the client makes the DNS request at the company DNS server and not at the Packet Squirrel anymore.

I am very curious how this works. Hopefully you can help me?

Thank you!

Sincerely,
Jarno

Dave-ee Jones Posted March 8, 2018

HOSTS FILE ENTRY! Joking, don't do that.

Could you please comment the contents of your "spoofhost" (file with DNS entries in it)?

mrbaselier Posted March 9, 2018

Hello Dave-ee Jones,

Thank you for your comment. The content of the spoofhost file is simple, just 1 line:

--------
address=/www.google.nl/172.16.32.1
_____

This redirection works great. Other internet resources are accessible. The only thing not accessible are internal resources and I am wondering why? Because I believe all other traffic is routed through the normal (company) DNS? I can even ping them but resolving the hostname seems to be a problem.

Kind regards,
Jarno

Sebkinne Posted March 10, 2018

The issue would be that dnsmasq doesn't look up resources from the internal network, but rather defaults to 8.8.8.8. We should be able to add that in the next update.

Dave-ee Jones Posted March 11, 2018

5 hours ago, Sebkinne said:
> The issue would be that dnsmasq doesn't look up resources from the internal network, but rather defaults to 8.8.8.8. We should be able to add that in the next update.

Makes sense. Will it use the PC's DNS server or will it need to be set on the PS? If it's the second it means we'll have to determine the internal DNS server ourselves, which could prove problematic.

mrbaselier Posted March 12, 2018

Thank you Sebkinne and Dave-ee Jones! This is what I expected. It would be awesome if we can create a setting that uses the internal (company) DNS server and not Google's 8.8.8.8 DNS server. If I can help creating this issue please point me in the right direction and I'll do the best I can to create this.

Again: thank you so much for helping me out.

Kind regards,
Jarno

This topic is now archived and is closed to further replies.
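
An added example, not part of the thread and not the Packet Squirrel project's code: a client-side check for the symptom pattern described above (resolver handed out by an inline NAT device, a public name answered with a private address, internal names failing while the hosts still answer by IP). The approved resolver 10.0.0.53, the `Probe` structure and all probe values other than the thread's `www.google.nl` / `172.16.32.1` and `tickets.company.nl` are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Probe:
    name: str                   # hostname that was queried
    answer: Optional[str]       # A record returned, None if resolution failed
    internal: bool              # True if the name lives in the corporate zone
    ip_reachable: bool = False  # the host's known IP still answers ping

def assess(resolver, approved, probes):
    """Return findings that point to an inline device answering DNS."""
    findings = []
    # 1. The client's resolver is not one the organisation operates.
    if resolver not in approved:
        findings.append(f"resolver {resolver} is not an approved DNS server")
    # 2. A public name resolves into private address space (spoofed answer).
    public = [p for p in probes if not p.internal]
    for p in public:
        if p.answer and ipaddress.ip_address(p.answer).is_private:
            findings.append(f"{p.name} resolved to private address {p.answer}")
    # 3. Public names resolve, internal names do not, yet the hosts are up:
    #    queries are being forwarded to a public upstream, not corporate DNS.
    broken = [p.name for p in probes
              if p.internal and p.answer is None and p.ip_reachable]
    if broken and any(p.answer for p in public):
        findings.append("internal names unresolved but hosts reachable: "
                        + ", ".join(broken))
    return findings

APPROVED = {"10.0.0.53"}  # constructed corporate resolver

# Constructed observations matching the symptoms reported in the thread.
SUSPECT = [
    Probe("www.google.nl", "172.16.32.1", internal=False),
    Probe("www.example.org", "93.184.216.34", internal=False),
    Probe("tickets.company.nl", None, internal=True, ip_reachable=True),
]
# Constructed healthy baseline for comparison.
BASELINE = [
    Probe("www.google.nl", "142.250.179.163", internal=False),
    Probe("tickets.company.nl", "10.0.5.20", internal=True, ip_reachable=True),
]

if __name__ == "__main__":
    for line in assess("172.16.32.1", APPROVED, SUSPECT):
        print("FINDING:", line)
```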