Jump to content

SpoofDNS (payload2) - Company Internal Resources


mrbaselier
 Share

Recommended Posts

Hello everyone,

Today I have been playing with the SpoofDNS feature of the Packet Squirrel (payload 2). I noticed the following:

> Redirection of spoofed URL works fine
> Internet works fine
> Internal resources by DNS name are not accessible (but can be pinged)

This almost never causes problems on a private PC but might cause problems on a company network. The user is able to access the internet but can no longer access internal websites. For example, we host a ticket system on the network (tickets.company.nl) which, for example, was no longer accessible. All other internet DNS queries where resolved ok.

SpoofDNS is standard on NAT network mode. This is fine. The client thus receives an IP address from the Packet Squirrel. The client first performs a DNS lookup at the Packet Squirrel and the Packet Squirrel routes it to the Spoofed IP if the requested DNS name is on the spoof list. If the name does not appear on the spoof list, I assume that the Packet Squirrel routes the client traffic through the company's DNS server. But I do not think that is the case because the internal resources are no longer available. Which DNS server does the Packet Squirrel use? And is there a fix so that internal resources can be reached. I have already tried to change the network mode to BRIDGE. Then internal resources can be reached again but logically the spoofing does not work because the client make the DNS request at the company DNS server and not at the Packet Squirrel anymore.

I am very curious how this works. Hopefully you can help me?

Thank you!


Sincerely,

Jarno

Link to comment
Share on other sites

Hello Dave-ee Jones,

Thank you for your comment.

The content of the spoofhost file is simple, just 1 line:

--------
address=/www.google.nl/172.16.32.1
_____

This redirection works great. Other internet resources are accessible. The only thing not accessible are internal resources and I am wondering why? Because I believe all other traffic is routed trough the normal (company) DNS? I can even ping them but resolving the hostname seems to be a problem.


Kind regards,

Jarno

 

Link to comment
Share on other sites

5 hours ago, Sebkinne said:

The issue would be that dnsmasq doesn't look up resources from the internal network, but rather defaults to 8.8.8.8.

We should be able to add that in the next update. 

Makes sense.

Will it use the PCs DNS server or will it need to be set on the PS? If it's the second it means we'll have to determine the internal DNS server ourselves which could prove problematic..

Link to comment
Share on other sites

Thank you Sebkinne and Dave-ee Jones!

This is what I expected. It would be awesome if we can create a setting that uses the internal (company) DNS server and not Google's 8.8.8.8 DNS server.

If I can help creating this issue please point me in the right direction and i'll do the best I can to create this.

Again: thank you so much for helping me out.


Kind regards,

Jarno

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...