DNS Spoofing and DNS Configuration on Cisco Routers

In this article we look at what DNS spoofing is, how DNS spoofing is configured on Cisco routers, and DNS configuration in general.

First, let's make R1 a DNS server and create a host record.

R1(config)#ip dns server
R1(config)#ip host r6 10.0.0.11
R1(config)#

Let's make R5 the DNS spoofer (spoofing is just like a proxy, a spokesman for the DNS server: if it receives a request, it sends that request to the real DNS server, like a relay agent in DHCP).

R5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#ip domain lookup
R5(config)#ip dns server
R5(config)#ip dns spoofing 10.0.0.1   ---> it will send the requests to R1.
R5(config)#end

Now let's go to R4 and ping R6 by name, since we created a record for R6 on the DNS server R1.

R4#ping r6

Translating "r6"...domain server (255.255.255.255) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R4#

Let's also look at it with debug.

R4#ping r6 re 2

Translating "r6"...domain server (255.255.255.255) [OK]   ---> the status is important

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.0.0.11, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 8/8/8 ms
R4#
03:30:14: IP: s=10.0.0.4 (local), d=255.255.255.255 (Ethernet0/0), len 48, sending broad/multicast   ---> destination is broadcast, interface e0/0
03:30:14: UDP src=49226, dst=53
03:30:14: IP: s=155.1.45.4 (local), d=255.255.255.255 (Serial0/1), len 48, sending broad/multicast   ---> destination is broadcast, interface s0/1
03:30:14: UDP src=49226, dst=53
03:30:14: IP: tableid=0, s=10.0.0.1 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), routed via RIB
03:30:14: IP: s=10.0.0.1 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), len 64, rcvd 3
03:30:14: UDP src=53, dst=49226
03:30:14: IP: tableid=0, s=155.1.45.5 (Serial0/1), d=155.1.45.4 (Serial0/1), routed via RIB
03:30:14: IP: s=155.1.45.5 (Serial0/1), d=155.1.45.4 (Serial0/1), len 64, rcvd 3
03:30:14: UDP src=53, dst=49226
03:30:14: IP: tableid=0, s=10.0.0.4 (local), d=10.0.0.11 (Ethernet0/0), routed via FIB   ---> the destination address comes from R5
03:30:14: IP: s=10.0.0.4 (local), d=10.0.0.11 (Ethernet0/0), len 100, sending
03:30:14: ICMP type=8, code=0
03:30:14: IP: tableid=0, s=10.0.0.11 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), routed via RIB   ---> now we know the IP address and the normal ping starts
03:
R4#30:14: IP: s=10.0.0.11 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), len 100, rcvd 3
03:30:14: ICMP type=0, code=0
03:30:14: IP: tableid=0, s=10.0.0.4 (local), d=10.0.0.11 (Ethernet0/0), routed via FIB
03:30:14: IP: s=10.0.0.4 (local), d=10.0.0.11 (Ethernet0/0), len 100, sending
03:30:14: ICMP type=8, code=0
03:30:14: IP: tableid=0, s=10.0.0.11 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), routed via RIB
03:30:14: IP: s=10.0.0.11 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), len 100, rcvd 3
03:30:14: ICMP type=0, code=0

R4#un all
All possible debugging has been turned off
R4#

----

Now let's hand out the DNS server together with DHCP.

R4 is the DHCP server.

R4
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.0.0.1 10.0.0.10
!
ip dhcp pool RELAY-AGENT
network 10.0.0.0 255.255.255.0
default-router 10.0.0.4
dns-server 10.0.0.1   ---> added to the DHCP options
!

R1 is again the server.

ip host r5 155.1.45.5   ---> we created a record for R5 on the DNS server!
ip dns server
!

R6 is both a DNS client and a DHCP client.

R6#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#interface e0/0
R6(config-if)#ip address dhcp
R6(config-if)#end
R6#

Now let's go to R6 and ping R5 by name ("ciscotr.com").

R6#ping R5

Translating "R5"...domain server (10.0.0.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R6#

R6#show dhcp server
DHCP server: ANY (255.255.255.255)
Leases: 8
Offers: 8 Requests: 8 Acks: 8 Naks: 0
Declines: 0 Releases: 21 Bad: 0
DNS0: 10.0.0.1, DNS1: 0.0.0.0
Subnet: 255.255.255.0 DNS Domain: ciscotr.com

R6#show dhcp lease
Temp IP addr: 10.0.0.13 for peer on Interface: Ethernet0/0
Temp sub net mask: 255.255.255.0
DHCP Lease server: 10.0.0.4, state: 3 Bound
DHCP transaction id: EC2F5F
Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs
Temp default-gateway addr: 10.0.0.4
Next timer fires after: 11:58:02
Retry count: 0 Client-ID: cisco-0030.809a.8de0-Et0/0
Hostname: R6
R6#

Finally, one more ping, this time with debug:

R6#ping r5 rep 2

Translating "r5"...domain server (10.0.0.1) [OK]

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 155.1.45.5, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 32/32/32 ms
R6#
04:20:46: IP: tableid=0, s=10.0.0.13 (local), d=10.0.0.1 (Ethernet0/0), routed via FIB   ---> destination is R1 (i.e. the DNS server)
04:20:46: IP: s=10.0.0.13 (local), d=10.0.0.1 (Ethernet0/0), len 48, sending
04:20:46: UDP src=50382, dst=53
04:20:46: IP: tableid=0, s=10.0.0.1 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), routed via RIB
04:20:46: IP: s=10.0.0.1 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), len 64, rcvd 3
04:20:46: UDP src=53, dst=50382
04:20:46: IP: tableid=0, s=10.0.0.13 (local), d=155.1.45.5 (Ethernet0/0), routed via FIB   ---> we obtained the IP address and the normal ping starts
04:20:46: IP: s=10.0.0.13 (local), d=155.1.45.5 (Ethernet0/0), len 100, sending
04:20:46: ICMP type=8, code=0
R6#
04:20:46: IP: tableid=0, s=155.1.45.5 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), routed via RIB
04:20:46: IP: s=155.1.45.5 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), len 100, rcvd 3
04:20:46: ICMP type=0, code=0
04:20:46: IP: tableid=0, s=10.0.0.13 (local), d=155.1.45.5 (Ethernet0/0), routed via FIB
04:20:46: IP: s=10.0.0.13 (local), d=155.1.45.5 (Ethernet0/0), len 100, sending
04:20:46: ICMP type=8, code=0
04:20:46: IP: tableid=0, s=155.1.45.5 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), routed via RIB
04:20:46: IP: s=155.1.45.5 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), len 100, rcvd 3
04:20:46: ICMP type=0, code=0
04:20:47: IP: s=10.0.0.4 (Ethernet0/0), d=224.0.0.9
R6#, len 52, rcvd 2
04:20:47: UDP src=520, dst=520

R6#un all
All possible debugging has been turned off
R6#
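
The two debug captures above differ in who is allowed to answer: R4 broadcasts its lookup and receives port-53 replies from two routers, while R6 asks only the DHCP-supplied server and gets one reply. The following Python script is an added example, not part of the original article; it parses debug lines in the format shown above and reports that difference. The function names are hypothetical and the sample lines are copied from the page's own output.

```python
import re
from collections import defaultdict

# DNS-related lines copied from the R4 and R6 debug outputs on this page.
R4_DEBUG = """\
03:30:14: IP: s=10.0.0.4 (local), d=255.255.255.255 (Ethernet0/0), len 48, sending broad/multicast
03:30:14: UDP src=49226, dst=53
03:30:14: IP: s=155.1.45.4 (local), d=255.255.255.255 (Serial0/1), len 48, sending broad/multicast
03:30:14: UDP src=49226, dst=53
03:30:14: IP: s=10.0.0.1 (Ethernet0/0), d=10.0.0.4 (Ethernet0/0), len 64, rcvd 3
03:30:14: UDP src=53, dst=49226
03:30:14: IP: s=155.1.45.5 (Serial0/1), d=155.1.45.4 (Serial0/1), len 64, rcvd 3
03:30:14: UDP src=53, dst=49226
"""
R6_DEBUG = """\
04:20:46: IP: s=10.0.0.13 (local), d=10.0.0.1 (Ethernet0/0), len 48, sending
04:20:46: UDP src=50382, dst=53
04:20:46: IP: s=10.0.0.1 (Ethernet0/0), d=10.0.0.13 (Ethernet0/0), len 64, rcvd 3
04:20:46: UDP src=53, dst=50382
"""
IP_RE = re.compile(r"IP: (?:tableid=\d+, )?s=([\d.]+) \([^)]*\), d=([\d.]+)")
UDP_RE = re.compile(r"UDP src=(\d+), dst=(\d+)")

def dns_exchanges(debug_text):
    """Per client port: where the DNS query went and which hosts answered."""
    flows = defaultdict(lambda: {"asked": set(), "answered_by": set()})
    last_ip = None
    for line in debug_text.splitlines():
        if m := IP_RE.search(line):
            last_ip = m.groups()          # (source, destination) of this packet
        elif (m := UDP_RE.search(line)) and last_ip:
            sport, dport = int(m[1]), int(m[2])
            if dport == 53:               # outgoing query
                flows[sport]["asked"].add(last_ip[1])
            elif sport == 53:             # incoming answer
                flows[dport]["answered_by"].add(last_ip[0])
    return dict(flows)

def findings(flows):
    """Flag broadcast lookups and answers from hosts that were not asked."""
    out = []
    for port, f in sorted(flows.items()):
        if "255.255.255.255" in f["asked"]:
            out.append(f"port {port}: broadcast query, answered by {sorted(f['answered_by'])}")
        elif extra := f["answered_by"] - f["asked"]:
            out.append(f"port {port}: answer from unasked host {sorted(extra)}")
    return out

if __name__ == "__main__":
    print(findings(dns_exchanges(R4_DEBUG)), findings(dns_exchanges(R6_DEBUG)))
```

For R4 the script reports one broadcast lookup answered by both 10.0.0.1 and 155.1.45.5; for R6 it reports nothing, because the only responder is the server that was asked.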

