Posts Tagged ‘fakedns’

Well this is new for me, further developing a working POC. Like you all know, I love new ideas and POC development, but hate the further development of POCs. This time the Firewall DNS POC just didn’t cut it, it did what I wanted it to do, but it lacked some “usability” features. These are the added features:

#Functionality
# – = done
# x = todo
###
# – Queries can either be full domain(www.google.com), or only base domain(google.com)
# – Block queries
# – relays queries
# – reads settings from config
# – reloads config
#   – on/off using -auto
# – drops privileges
# – reload config on key combo (ctrl+c)
###

The config file options are somewhat explained in the config file itself, other stuff you’ll have to read from the src. Here”s how it looks now:

sudo ./fw-dns.py
##############################################
new configuration:
reload time:
43200
dns server:
(‘192.168.2.254’, 53)
if listen:
127.0.0.1
allowed full domains:
[‘ubuntu.com’]
allowed partial domains:
[”]
##############################################
Starting fw-dns
Listening on localhost 127.0.0.1
Connected to remote DNS server (‘192.168.2.254’, 53)
Dropped privileges

You can download using bittorrent here:  fw-dns_v0.1
You can download from megaupload here:  http://www.megaupload.com/?d=D4WBLBQ8

Firewall DNS

Posted: April 19, 2010 in security
Tags: , , , , ,

So I’m trying to setup a really tight server and one of the things left to secure was DNS. How do I make sure that if the server gets rooted the backdoor will not be able to connect through DNS to it’s C&C? I decided to write a custom “firewall dns”, which would only allow DNS requests if they matched a certain host. You might now be yelling things like “YOU RETARD, never code something if there is an existing and probably working alternative”, true; thing is I’ve never really done anything with DNS on a coding level so it seemed like this was my opportunity.

(more…)