2015-01-28 15:12:42 zapperstab 阅读数 4927
//DNS Query Program on Linux
//Author : Silver Moon (m00n.silv3r@gmail.com)
//Dated : 29/4/2009

//Header Files
#include<stdio.h> //printf
#include<string.h>    //strlen
#include<stdlib.h>    //malloc
#include<sys/socket.h>    //you know what this is for
#include<arpa/inet.h> //inet_addr , inet_ntoa , ntohs etc
#include<netinet/in.h>
#include<unistd.h>    //getpid

//List of DNS server addresses, stored as dotted-quad strings:
//room for 10 entries of at most 99 characters plus the terminating NUL.
char dns_servers[10][100];
//Presumably the number of valid entries in dns_servers - confirm against get_dns_servers()
int dns_server_count = 0;
//Numeric TYPE values of DNS resource records, as they appear on the wire

#define T_A 1 //Ipv4 address
#define T_NS 2 //Nameserver
#define T_CNAME 5 // canonical name
#define T_SOA 6 /* start of authority zone */
#define T_PTR 12 /* domain name pointer */
#define T_MX 15 //Mail server

//Function Prototypes
//NOTE(review): neither ChangetoDnsNameFormat nor ReadName is given a buffer
//or message length, so every bound has to be enforced by the caller.
void ngethostbyname(unsigned char*, int);
void ChangetoDnsNameFormat(unsigned char*, unsigned char*);
unsigned char* ReadName(unsigned char*, unsigned char*, int*);
void get_dns_servers();

//DNS header structure, overlaid directly on the first bytes of the packet buffer.
//The 16-bit fields hold network byte order; callers convert with htons/ntohs.
//NOTE(review): the flag bit-fields are listed low-order bit first, which only
//matches the wire layout where the compiler allocates bit-fields starting at
//the least significant bit (e.g. GCC on little-endian targets) - confirm
//before building for another ABI.
struct DNS_HEADER {
	unsigned short id; // identification number

	unsigned char rd :1; // recursion desired
	unsigned char tc :1; // truncated message
	unsigned char aa :1; // authoritative answer
	unsigned char opcode :4; // purpose of message
	unsigned char qr :1; // query/response flag

	unsigned char rcode :4; // response code
	unsigned char cd :1; // checking disabled
	unsigned char ad :1; // authenticated data
	unsigned char z :1; // its z! reserved
	unsigned char ra :1; // recursion available

	unsigned short q_count; // number of question entries
	unsigned short ans_count; // number of answer entries
	unsigned short auth_count; // number of authority entries
	unsigned short add_count; // number of resource entries
};

//Constant sized fields of query structure: the two 16-bit values that follow
//the encoded name in a question entry (network byte order on the wire).
struct QUESTION {
	unsigned short qtype; // record type being asked for (T_A, T_NS, ...)
	unsigned short qclass; // query class; this file always sends 1
};

//Constant sized fields of the resource record structure.
//Packed to 1-byte alignment so the struct has no padding and can be overlaid
//on the packet bytes that follow a record's name; all fields are in network
//byte order.
//NOTE(review): assumes unsigned int is 32 bits wide, so the struct is 10 bytes.
#pragma pack(push, 1)
struct R_DATA {
	unsigned short type; // record TYPE
	unsigned short _class; // record CLASS
	unsigned int ttl; // time to live
	unsigned short data_len; // length of the RDATA that follows; comes from the peer, so treat as untrusted
};
#pragma pack(pop)

//Pointers to resource record contents, filled in while a response is parsed
struct RES_RECORD {
	unsigned char *name; // decoded owner name (heap string returned by ReadName)
	struct R_DATA *resource; // points into the packet buffer, not a copy
	unsigned char *rdata; // heap copy of the record data or a decoded name
};

//Structure of a Query: an encoded name plus its fixed-size type/class fields.
//Not referenced by the functions visible in this file.
typedef struct {
	unsigned char *name;
	struct QUESTION *ques;
} QUERY;

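/*
 * Program entry point: load the resolver list, read one hostname from
 * standard input and look up its A record.
 *
 * Returns 0 after a lookup attempt, 1 when no hostname could be read.
 */
int main(int argc, char *argv[]) {
	unsigned char hostname[100];

	(void) argc;
	(void) argv;

	//Get the DNS servers from the resolv.conf file
	get_dns_servers();

	//Get the hostname from the terminal
	printf("Enter Hostname to Lookup : ");

	//A bare "%s" writes past the 100-byte buffer on long input. The width of
	//98 also leaves one spare byte, because the name encoder in this file may
	//append a trailing '.' to the buffer in place.
	if (scanf("%98s", (char*) hostname) != 1) {
		printf("No hostname given\n");
		return 1;
	}

	//Now get the ip of this hostname , A record
	ngethostbyname(hostname, T_A);

	return 0;
}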

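/*
 * Draw a 16-bit query ID from the kernel's random source, so that an
 * off-path sender cannot guess it; falls back to the process ID only when
 * /dev/urandom cannot be read.
 */
static unsigned short dns_query_id(void) {
	unsigned short id = 0;
	int have_random = 0;
	FILE *rnd = fopen("/dev/urandom", "rb");

	if (rnd != NULL) {
		have_random = (fread(&id, sizeof id, 1, rnd) == 1);
		fclose(rnd);
	}
	if (!have_random) {
		id = (unsigned short) getpid(); //guessable, last resort only
	}
	return id;
}

/*
 * Decode the (possibly compressed) name at msg[pos] into a heap string in
 * dotted form. Every byte read is checked against msg_len, labels longer
 * than 63 bytes are rejected and the number of compression jumps is capped.
 * On success *consumed is the number of bytes the name occupies at pos.
 * Returns NULL on malformed input or allocation failure.
 */
static unsigned char *dns_read_name(const unsigned char *msg, size_t msg_len,
		size_t pos, size_t *consumed) {
	enum { NAME_CAP = 256, MAX_JUMPS = 32 };
	unsigned char *name = malloc(NAME_CAP);
	size_t cur = pos, out = 0, used = 0;
	int jumps = 0, jumped = 0;

	if (name == NULL) {
		return NULL;
	}

	for (;;) {
		unsigned int len;

		if (cur >= msg_len) {
			goto bad;
		}
		len = msg[cur];
		if (len == 0) {
			if (!jumped) {
				used = cur + 1 - pos;
			}
			break;
		}
		if ((len & 0xC0) == 0xC0) {
			//compression pointer: two bytes, 14-bit offset from message start
			if (cur + 1 >= msg_len || ++jumps > MAX_JUMPS) {
				goto bad;
			}
			if (!jumped) {
				used = cur + 2 - pos;
				jumped = 1;
			}
			cur = ((size_t) (len & 0x3F) << 8) | msg[cur + 1];
			continue;
		}
		if (len > 63 || cur + 1 + len > msg_len || out + len + 1 >= NAME_CAP) {
			goto bad;
		}
		memcpy(name + out, msg + cur + 1, len);
		out += len;
		name[out++] = '.';
		cur += 1 + len;
	}

	name[out > 0 ? out - 1 : 0] = '\0'; //drop the trailing dot
	*consumed = used;
	return name;

bad:
	free(name);
	return NULL;
}

/*
 * Parse up to `wanted` resource records starting at *pos, storing at most
 * `cap` of them in out[]. Returns the number stored. If the section cannot be
 * read completely, *pos is moved to msg_len so later sections are not parsed
 * from a wrong offset.
 */
static int dns_read_section(unsigned char *msg, size_t msg_len, size_t *pos,
		struct RES_RECORD *out, int wanted, int cap) {
	int n = 0;

	while (n < wanted && n < cap) {
		struct RES_RECORD rec = { NULL, NULL, NULL };
		size_t used = 0, rdlen;
		unsigned short type;

		rec.name = dns_read_name(msg, msg_len, *pos, &used);
		if (rec.name == NULL) {
			break;
		}
		*pos += used;

		if (msg_len - *pos < sizeof(struct R_DATA)) {
			free(rec.name);
			break;
		}
		rec.resource = (struct R_DATA*) (msg + *pos);
		*pos += sizeof(struct R_DATA);

		type = ntohs(rec.resource->type);
		rdlen = ntohs(rec.resource->data_len);
		if (msg_len - *pos < rdlen) {
			free(rec.name);
			break;
		}

		if (type == T_A) {
			//one extra byte so the terminating NUL stays inside the allocation
			rec.rdata = malloc(rdlen + 1);
			if (rec.rdata == NULL) {
				free(rec.name);
				break;
			}
			memcpy(rec.rdata, msg + *pos, rdlen);
			rec.rdata[rdlen] = '\0';
		} else if (type == T_NS || type == T_CNAME || type == T_PTR) {
			//these types carry a single domain name as their data
			rec.rdata = dns_read_name(msg, msg_len, *pos, &used);
			if (rec.rdata == NULL || used > rdlen) {
				free(rec.rdata);
				free(rec.name);
				break;
			}
		}
		//other types (SOA, MX, ...) are skipped over using their stated length

		*pos += rdlen;
		out[n++] = rec;
	}

	if (n < wanted) {
		*pos = msg_len;
	}
	return n;
}

/* Release the heap strings held by the first n records. */
static void dns_free_records(struct RES_RECORD *recs, int n) {
	int i;

	for (i = 0; i < n; i++) {
		free(recs[i].name);
		free(recs[i].rdata);
	}
}

/*
 * Perform a DNS query by sending one UDP packet to dns_servers[0] and
 * printing the records of the reply.
 *
 * host       - NUL-terminated hostname; it is handed to
 *              ChangetoDnsNameFormat(), which may modify it in place
 * query_type - record type to ask for (T_A, T_NS, ...)
 *
 * The reply is untrusted input. It is accepted only if it comes from the
 * queried address and port, carries the query's ID and has the response flag
 * set. Record counts are capped at the size of the local arrays and every
 * offset is checked against the number of bytes actually received. Names are
 * decoded by the local bounded decoder rather than ReadName(), whose
 * signature carries no message length.
 *
 * NOTE(review): the socket has no receive timeout, so a lost reply blocks
 * the caller; the question section of the reply is skipped, not compared
 * with the question that was sent.
 */
void ngethostbyname(unsigned char *host, int query_type) {
	enum { MAX_RECORDS = 20 };
	unsigned char buf[65536], *qname;
	struct RES_RECORD answers[MAX_RECORDS], auth[MAX_RECORDS], addit[MAX_RECORDS];
	struct sockaddr_in a, dest, from;
	struct DNS_HEADER *dns = NULL;
	struct QUESTION question;
	socklen_t from_len = sizeof from;
	size_t name_len, query_len, msg_len, pos, used;
	ssize_t got;
	unsigned short query_id;
	int i, s, n_ans, n_auth, n_add;

	if (host == NULL || strlen((const char*) host) > 253) {
		printf("Hostname is missing or too long\n");
		return;
	}

	printf("Resolving %s", host);

	memset(&dest, 0, sizeof dest);
	dest.sin_family = AF_INET;
	dest.sin_port = htons(53);
	dest.sin_addr.s_addr = inet_addr(dns_servers[0]); //dns servers
	if (dest.sin_addr.s_addr == INADDR_NONE) {
		printf("\nNo usable DNS server address\n");
		return;
	}

	s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); //UDP packet for DNS queries
	if (s < 0) {
		perror("socket failed");
		return;
	}

	//Set the DNS structure to standard queries: everything zero except the
	//ID, the recursion-desired flag and the question count
	memset(buf, 0, sizeof(struct DNS_HEADER));
	dns = (struct DNS_HEADER *) buf;
	query_id = dns_query_id();
	dns->id = query_id;
	dns->rd = 1; //Recursion Desired
	dns->q_count = htons(1); //we have only 1 question

	//point to the query portion
	qname = &buf[sizeof(struct DNS_HEADER)];
	ChangetoDnsNameFormat(qname, host);
	name_len = strlen((const char*) qname) + 1;

	//copied with memcpy because the question may start at an odd offset
	question.qtype = htons(query_type); //type of the query , A , MX , CNAME , NS etc
	question.qclass = htons(1); //its internet
	memcpy(qname + name_len, &question, sizeof question);
	query_len = sizeof(struct DNS_HEADER) + name_len + sizeof question;

	printf("\nSending Packet...");
	if (sendto(s, (char*) buf, query_len, 0, (struct sockaddr*) &dest,
			sizeof(dest)) < 0) {
		perror("sendto failed");
		close(s);
		return;
	}
	printf("Done");

	//Receive the answer
	printf("\nReceiving answer...");
	got = recvfrom(s, (char*) buf, sizeof buf, 0, (struct sockaddr*) &from,
			&from_len);
	close(s);
	if (got < 0) {
		perror("recvfrom failed");
		return;
	}
	printf("Done");

	msg_len = (size_t) got;
	if (msg_len < sizeof(struct DNS_HEADER)) {
		printf("\nResponse too short, ignoring\n");
		return;
	}

	//Accept the datagram only if it is plausibly the reply to this query
	if (from.sin_addr.s_addr != dest.sin_addr.s_addr
			|| from.sin_port != dest.sin_port
			|| dns->id != query_id || dns->qr != 1) {
		printf("\nResponse does not match the query, ignoring\n");
		return;
	}

	//move ahead of the dns header and the question entries
	pos = sizeof(struct DNS_HEADER);
	for (i = 0; i < ntohs(dns->q_count); i++) {
		unsigned char *skipped = dns_read_name(buf, msg_len, pos, &used);

		if (skipped == NULL || msg_len - (pos + used) < sizeof(struct QUESTION)) {
			free(skipped);
			pos = msg_len;
			break;
		}
		free(skipped);
		pos += used + sizeof(struct QUESTION);
	}

	printf("\nThe response contains : ");
	printf("\n %d Questions.", ntohs(dns->q_count));
	printf("\n %d Answers.", ntohs(dns->ans_count));
	printf("\n %d Authoritative Servers.", ntohs(dns->auth_count));
	printf("\n %d Additional records.\n\n", ntohs(dns->add_count));

	//Read the three record sections; the header counts come from the peer,
	//so each one is capped at the size of the array it fills
	n_ans = dns_read_section(buf, msg_len, &pos, answers,
			ntohs(dns->ans_count), MAX_RECORDS);
	n_auth = dns_read_section(buf, msg_len, &pos, auth,
			ntohs(dns->auth_count), MAX_RECORDS);
	n_add = dns_read_section(buf, msg_len, &pos, addit,
			ntohs(dns->add_count), MAX_RECORDS);

	//print answers
	printf("\nAnswer Records : %d \n", n_ans);
	for (i = 0; i < n_ans; i++) {
		printf("Name : %s ", answers[i].name);

		if (ntohs(answers[i].resource->type) == T_A
				&& ntohs(answers[i].resource->data_len) == 4) {
			//exactly four bytes, already in network order
			memcpy(&a.sin_addr.s_addr, answers[i].rdata, 4);
			printf("has IPv4 address : %s", inet_ntoa(a.sin_addr));
		}

		if (ntohs(answers[i].resource->type) == T_CNAME) {
			//Canonical name for an alias
			printf("has alias name : %s", answers[i].rdata);
		}

		printf("\n");
	}

	//print authorities
	printf("\nAuthoritive Records : %d \n", n_auth);
	for (i = 0; i < n_auth; i++) {
		printf("Name : %s ", auth[i].name);
		if (ntohs(auth[i].resource->type) == T_NS) {
			printf("has nameserver : %s", auth[i].rdata);
		}
		printf("\n");
	}

	//print additional resource records
	printf("\nAdditional Records : %d \n", n_add);
	for (i = 0; i < n_add; i++) {
		printf("Name : %s ", addit[i].name);
		if (ntohs(addit[i].resource->type) == T_A
				&& ntohs(addit[i].resource->data_len) == 4) {
			memcpy(&a.sin_addr.s_addr, addit[i].rdata, 4);
			printf("has IPv4 address : %s", inet_ntoa(a.sin_addr));
		}
		printf("\n");
	}

	dns_free_records(answers, n_ans);
	dns_free_records(auth, n_auth);
	dns_free_records(addit, n_add);
	return;
}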

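/*
 * Decode the domain name that starts at `reader` inside the DNS message
 * `buffer` and return it as a newly allocated string in dotted form
 * ("www.google.com"). The caller frees the result.
 *
 * reader - first byte of the name (a label length or a compression pointer)
 * buffer - start of the DNS message; compression offsets are relative to it
 * count  - receives the number of bytes the name occupies at `reader`
 *          (a compression pointer counts as two bytes and ends the count)
 *
 * Returns NULL only if the allocation fails. A malformed name (label longer
 * than 63 bytes, decoded name that would not fit, or too many compression
 * jumps) ends decoding early and returns what was decoded so far.
 *
 * Compared with a byte-by-byte scan, the name is parsed label by label, so
 * bytes inside a label are never mistaken for compression pointers; the
 * output is capped at the 256-byte allocation; pointer loops terminate; and
 * the root name no longer writes before the start of the allocation.
 *
 * NOTE(review): no message length is passed in, so reads cannot be checked
 * against the size of the received datagram here - the caller has to
 * validate the name's extent before calling.
 */
unsigned char* ReadName(unsigned char* reader, unsigned char* buffer, int* count) {
	enum { NAME_CAP = 256, MAX_JUMPS = 32 };
	unsigned char *name;
	unsigned int p = 0, jumped = 0, jumps = 0, offset, len;

	*count = 1;
	name = (unsigned char*) malloc(NAME_CAP);
	if (name == NULL) {
		return NULL;
	}

	name[0] = '\0';

	//walk the labels in 3www6google3com format
	while ((len = *reader) != 0) {
		if ((len & 0xC0) == 0xC0) {
			//compression pointer: 14-bit offset from the start of the message
			if (++jumps > MAX_JUMPS) {
				break; //pointer loop
			}
			offset = (len & 0x3F) * 256 + *(reader + 1);
			reader = buffer + offset;
			jumped = 1; //we have jumped to another location so counting wont go up!
			continue;
		}

		//0x40 and 0x80 prefixes are not valid label lengths; also keep room
		//for the label, its dot and the terminator
		if (len > 63 || p + len + 1 >= NAME_CAP) {
			break;
		}

		memcpy(name + p, reader + 1, len);
		p += len;
		name[p++] = '.';
		reader += len + 1;

		if (jumped == 0) {
			*count += (int) (len + 1); //if we havent jumped to another location then we can count up
		}
	}

	if (jumped == 1) {
		*count = *count + 1; //number of steps we actually moved forward in the packet
	}

	//remove the last dot; for the root name this just writes the terminator
	name[p > 0 ? p - 1 : 0] = '\0';
	return name;
}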

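/*
 * Fill dns_servers[] with the IPv4 "nameserver" entries of /etc/resolv.conf
 * and set dns_server_count.
 *
 * Only entries that parse as IPv4 addresses are kept, because the query code
 * in this file feeds them to inet_addr(). If the file cannot be opened or
 * holds no usable entry, the two hard-coded public resolvers are used
 * instead - queries then leave the local network for a third party, which
 * may not be what the system's configuration intends.
 */
void get_dns_servers() {
	FILE *fp;
	char line[200], addr[100];
	struct in_addr parsed;
	const int capacity = (int) (sizeof dns_servers / sizeof dns_servers[0]);

	dns_server_count = 0;

	fp = fopen("/etc/resolv.conf", "r");
	if (fp == NULL) {
		//reading from a NULL stream would crash, so only report and fall through
		printf("Failed opening /etc/resolv.conf file \n");
	} else {
		while (dns_server_count < capacity && fgets(line, sizeof line, fp)) {
			if (line[0] == '#') {
				continue;
			}
			//%99s bounds the copy to the size of addr
			if (sscanf(line, " nameserver %99s", addr) != 1) {
				continue;
			}
			if (inet_pton(AF_INET, addr, &parsed) != 1) {
				continue; //not an IPv4 address
			}
			snprintf(dns_servers[dns_server_count], sizeof dns_servers[0],
					"%s", addr);
			dns_server_count++;
		}
		fclose(fp);
	}

	if (dns_server_count == 0) {
		strcpy(dns_servers[0], "208.67.222.222");
		strcpy(dns_servers[1], "208.67.220.220");
		dns_server_count = 2;
	}
}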

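/*
 * Convert a dotted hostname to DNS wire format: www.google.com becomes
 * 3www6google3com followed by a zero byte.
 *
 * dns  - output buffer; up to 255 bytes are written, the caller must
 *        provide that much room
 * host - NUL-terminated hostname; one trailing dot is accepted. It is only
 *        read: appending a '.' in place could write one byte past the
 *        caller's buffer.
 *
 * A name that cannot be represented (empty label, label longer than 63
 * bytes, or more than 255 bytes in total) is encoded as the root name, a
 * single zero byte. A length byte above 63 would otherwise be read by the
 * peer as a compression pointer or a reserved label type.
 */
void ChangetoDnsNameFormat(unsigned char* dns, unsigned char* host) {
	unsigned char *out = dns;
	size_t n = strlen((const char*) host);
	size_t start = 0, total = 0, i;

	//a single trailing dot only marks the name as fully qualified
	if (n > 0 && host[n - 1] == '.') {
		n--;
	}

	for (i = 0; n > 0 && i <= n; i++) {
		if (i == n || host[i] == '.') {
			size_t len = i - start;

			total += len + 1;
			if (len == 0 || len > 63 || total > 254) {
				out = dns; //not encodable: fall back to the root name
				break;
			}
			*out++ = (unsigned char) len;
			memcpy(out, host + start, len);
			out += len;
			start = i + 1;
		}
	}
	*out = '\0';
}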

原文连接:http://www.binarytides.com/dns-query-code-in-c-with-linux-sockets/

DNS劫持
2019-11-10 08:58:15 s452195377 阅读数 90

DNS是什么呢?它是负责解析全世界所有域名对应ip的服务器:输入一个域名可以解析到ip,输入ip也可以解析到域名。比较常用的dns地址是114.114.114.114。假如一个人的电脑配置的dns地址不对,通过域名来访问服务器web应用的时候就解析不到主机,资源就获取不到了。既然dns是一台服务器,那么自己的电脑也可以搭建DNS服务器。linux下搭建dns服务器的软件有bind9,下面是主要配置的参数:

文件名:/etc/bind/named.conf.options

options {
	// working directory of the server; relative file names are resolved here
	directory "/var/cache/bind";

	 // queries that cannot be answered locally are passed to this upstream resolver
	 forwarders {
	 	114.114.114.114;
	 };

	// validate DNSSEC-signed answers using the built-in root trust anchor
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	// NOTE(review): listens on every IPv6 address, and no allow-query /
	// allow-recursion ACL appears in this excerpt - confirm which clients may
	// use this resolver before port 53 is reachable from other networks
	listen-on-v6 { any; };
};

上面的那个forwarders意思是本地DNS没解析到的去中国区通用的DNS服务器解析(这地方可以想象);

文件名:/etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

// locally added forward zone: this server answers authoritatively for
// demo.com from db.1 instead of forwarding the query
zone "demo.com" {
	type master;
	file "/etc/bind/db.1";
};

// locally added reverse zone served from db.2
// NOTE(review): the reverse name of 127.0.0.1 is 1.0.0.127.in-addr.arpa,
// which falls inside the 127.in-addr.arpa zone above; a zone named
// 127.0.0.1.in-addr.arpa would not normally be consulted for that lookup -
// verify with a reverse query
zone "127.0.0.1.in-addr.arpa" {
	type master;
	file "/etc/bind/db.2";
};

其中倒数第二个是正向解析,就是通过域名解析到ip,最后一个是反向解析,通过ip解析到域名;

正向解析文件配置:/etc/bind/db.1

; Forward zone data for demo.com (loaded as /etc/bind/db.1).
; The header of the stock template this file was copied from described a
; reverse zone and does not apply here.
;
$TTL	86400
@	IN	SOA	dns.demo.com. root.demo.com. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;
@	IN	NS	dns.demo.com.
; wildcard: any name under demo.com without its own record resolves to 127.0.0.1
*	IN	A	127.0.0.1
; the zone apex itself
@	IN	A	127.0.0.1

反向解析文件配置:/etc/bind/db.2

; Reverse zone data loaded as /etc/bind/db.2 for the zone declared as
; 127.0.0.1.in-addr.arpa in named.conf.default-zones.
;
$TTL	86400
@	IN	SOA	dns.demo.com. root.demo.com. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;
@	IN	NS	dns.demo.com.
; NOTE(review): the owner "1" is relative to the zone origin, so this record
; is 1.127.0.0.1.in-addr.arpa - confirm that this is the name a reverse lookup
; of the intended address actually asks for
1	PTR		www.demo.com.

 上面标签什么意思,文本太长,不好解释;

上面的DNS服务器搭建之后,通过指令可以查看正向与反向地址,正向地址如下:

root@huangxudong-X456UR:/etc/bind# nslookup www.demo.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	www.demo.com
Address: 127.0.0.1

现在通过浏览器看看什么情况,本地已经搭建了tomcat环境,端口8080,80端口已经被占用;

假设在服务器上搭建一个DNS服务器,将这个DNS服务器的地址装到对象那里,对象可以正常上网,当对象上www.demo.com的时候跳到自定义的网页了,linux设置dns是 /etc/resolv.conf里面写DNS地址;

 

2018-01-08 17:29:26 lysinely 阅读数 545
DNS劫持     DNS( Domain Name System)是“域名系统”
DNS劫持是指劫持了DNS服务器,通过某些手段取得某域名的解析记录控制权,进而修改此域名的解析结果,导致对该域名的访问由原IP地址转入到修改后的指定IP,其结果就是对特定的网址不能访问或访问的是假网址,从而实现窃取资料或者破坏原有正常服务的目的。DNS劫持是通过篡改DNS服务器上的数据、返回给用户一个错误的查询结果来实现的。
DNS劫持症状:在某些地区的用户在成功连接宽带后,首次打开任何页面都指向ISP提供的“电信互联星空”、“网通黄页广告”等内容页面。还有就是曾经出现过用户访问Google域名的时候出现了百度的网站。这些都属于DNS劫持。
当输入google.com这个网址的时候,看到的网站却是百度的首页。


http劫持
在用户的客户端与其要访问的服务器经过网络协议协调后,二者之间建立了一条专用的数据通道,用户端程序在系统中开放指定网络端口用于接收数据报文,服务器端将全部数据按指定网络协议规则进行分解打包,形成连续数据报文。
用户端接收到全部报文后,按照协议标准来解包组合获得完整的网络数据。其中传输过程中的每一个数据包都有特定的标签,表示其来源、携带的数据属性以及要到何处,所有的数据包经过网络路径中ISP的路由器传输接力后,最终到达目的地,也就是客户端。
HTTP劫持是在使用者与其目的网络服务所建立的专用数据通道中,监视特定数据信息,提示当满足设定的条件时,就会在正常的数据流中插入精心设计的网络数据报文,目的是让用户端程序解释“错误”的数据,并以弹出新窗口的形式在使用者界面展示宣传性广告或者直接显示某网站的内容。


DNS污染:
指的是有人通过恶意伪造身份、利用漏洞等方式,向用户或者其他DNS服务器提供虚假的DNS记录。由于DNS记录存在一个生存期(TTL),在生存期内,DNS保存在缓存中,除非经过了大于一个TTL的时间,或者经手工刷新DNS缓存,虚假的记录会一直存在下去,并且如果污染了DNS服务器,这种污染还具有传染性。DNS污染具有暂时性,过了TTL周期,如果不进行再污染,污染就会消失。
 
DNS记录污染同劫持的不同之处,在于污染是对本来正确的DNS查询结果进行篡改,而劫持是DNS服务器自己把记录改成错误的内容。对于GFW来说,DNS劫持用于国内服务器,而对于国外服务器GFW无法更改其内容,故采用DNS污染方式篡改用户收到的信息。
 GFW的DNS污染过程,是当你向国外DNS服务器查询DNS记录时候,这些流量走到国外出口处即会遭到GFW的关键字审查,如果上了黑名单,GFW会立即向你返回一个虚假的DNS记录。由于默认的DNS查询方式是UDP,加上DNS查询结果只认最快返回的结果,所以你一定是先收到了GFW给你返回的虚假DNS记录;就算100ms后你收到了真正的来自国外DNS的回复,那也会被你的系统无视掉。如果GFW想彻底污染一个域名,那么不只是普通用户,连国内所有的DNS服务器也会收到虚假的DNS记录,导致全国性的DNS污染。




区别:
DNS劫持倾向于持续性,访问被劫持的网站时,会不停的出现其恶意广告。
HTTP劫持,这种劫持也是最为麻烦,其常见的现象为针对大流量网站的加小尾巴行为,如百度,hao123导航,360导航,百度知道,各大电商网站(淘宝,天猫,当当等)
HTTP的劫持出现的频率多变,针对不同的ip也会不同(断网之后再连接,也许劫持就暂时消失),一定程度会造成错误的假象,用户可能会忽视该问题,由于其劫持过程非常快,只是经过某个IP后就快速的跳转,用户如果不注意地址栏的变化,根本不会注意到该问题的出现。


解决方法:
1.向工信部投诉
2.DNS劫持判断,更改DNS,改成如114DNS,阿里DNS,onedns等,然后访问同样的网页,之后没出现类似的问题,即可判定为DNS劫持,DNS的解决不困难,手动换DNS,或者是投诉
3.HTTP的劫持,判定就困难多了,首先需要排除干扰,如hosts是否干净,是否有恶意软件,恶意插件,系统是否中病毒等(还有盗版系统),但是如果有iphone或者是ipad(不越狱),这就比较容易排除干扰项。首先需要注意的是各类的国产软件的也会造成后面的小尾巴,用户很容易就错误判断为运营商劫持
4.尽量使用HTTPS协议访问
5.考虑在边界设备针对TTL为252且为TCP协议的包做DROP处理,切记不能REJECT。
6.防止DNS污染的方法目前来说就是使用TCP协议代替UDP来进行DNS查询,因为TCP协议是有连接的协议需要双方握手成功才能通讯,从而避免GFW这种简单的DNS污染方式。目前GFW对于TCP方式的DNS查询其实已有阻断能力,但未大规模部署,目前貌似只有dl.dropbox.com会遭遇TCP阻断


业务上的:
1.DNS forward 劫持:
        运营商跨省之间的出口做劫持,省与省之间的流量结算问题
        跨运营商的劫持,运营商之间的流量结算问题,不跨运营商,给予客户相同的需求
2.http劫持
        出口网元,转发到url时,在响应返回200ok时,回到缓存url,返回320,网页和原网页一样,插入了广告之类的

2019-06-15 10:52:31 liny000 阅读数 90

服务器

1. 安装软件

$ sudo yum install bind

2. 编辑主配置文件

$sudo vim /etc/named.conf

在这里插入图片描述

3. 编辑区域文件

$sudo vim /etc/named.rfc1912.zones

在这里插入图片描述

4. 编辑正向解析域文件

$sudo cp /var/named/named.localhost /var/named/example.com.zone
$sudo vim /var/named/example.com.zone

注:此处最下面三行我添加了SRV记录,不需要请忽略它
在这里插入图片描述

5. 编辑反向解析域文件

$sudo cp /var/named/named.loopback /var/named/example.com.loopback
$ sudo vim /var/named/example.com.loopback

在这里插入图片描述

6. 启动named服务

 $sudo systemctl start named


客户端(验证)

1.安装软件

 $sudo yum install bind-utils

2.编辑DNS配置文件

$vim /etc/resolv.conf
nameserver =>改为域名服务器地址 (注:该地址放在最前面)

3.正向解析

$nslookup www.example.com

4.反向解析

$nslookup 192.168.10.108

5.验证SRV记录

$nslookup
> set
> type=srv
 >_ceph-mon._tcp.example.com.
2019-08-29 18:35:26 qq_33391644 阅读数 87

kali linux主机ip为:192.168.1.3

一、找到ettercap DNS文件。

文件目录:/etc/ettercap/etter.dns

二、用记事本打开它。

三、找到vim:ts=8:noexpandtab,在下方加入*  A   192.168.1.3( * 表示所有链接访问都转发到192.168.1.3)

四、打开终端,运行ettercap输入如下命令:ettercap -T -q -i eth0 -P dns_spoof -M arp

eth0  本机网卡

arp   拦截局域网所有的DNS映射到本机的etter.dns中

劫持开始后局域网内所有访问都会被劫持

 
