
I wish to demonstrate a DNS cache poisoning attack. For this, I have configured a DNS server on a VM. I am trying to delay incoming traffic from the following IP addresses to the VM: 199.43.133.53 and 199.43.132.53 using tc and the following commands:

    modprobe ifb
    ip link set dev ifb0 up
    tc qdisc add dev eth0 ingress
    tc filter add dev eth0 parent ffff: protocol ip u32 \
        match ip src 199.43.132.53/16 flowid 1:1 action mirred egress redirect dev ifb0
    tc qdisc add dev ifb0 root netem delay 5000ms

The two IP addresses correspond to the nameservers of a domain. When I ping these two nameservers from the VM after adding these rules, it does get a delayed response which is fine. What I wish to delay is the DNS response from these nameservers. And this is still pretty fast.

I am also running a Python script on the host machine which sends packets to this VM. When these rules are added to the VM, the Python script (which uses Scapy and sendp to write packets) also experiences a delay, though when I ping the VM from the host machine, the ping response is pretty fast. Why does Python's sendp experience a delay when the host machine's IP is not a part of the filter? And in that case, why is the ping response (ping request from host to VM) normal and not delayed? What am I missing here?

CuriousCat
  • What VM engine & VM net config are you using (maybe it shares something with the host)? Do you write the rules in the host or guest OS? What protocol(s) do your packets use (are there/should there be replies?)? Is there any other packet-tampering software active? – ivan_pozdeev Mar 10 '15 at 01:22
  • I write the rules in the guest. The guest is configured on VirtualBox and is in a bridged network with the host. – CuriousCat Mar 10 '15 at 01:36
