My goal is to set up a server socket that listens on the DNS port for connections without responding to anything, so that I can collect information about the IP addresses that are looking for DNS servers. The only thing I need to collect is the source IP. I wrote this code:
import socket

def create_socket():
    global host
    global port
    global s
    try:
        host = ''   # empty host: bind on all interfaces
        port = 53   # DNS
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # UDP socket
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    except socket.error as msg:
        print('Socket creation error: ' + str(msg))

def bind_socket():
    try:
        print('Binding socket to port: ' + str(port) + ', Host: ' + str(host))
        s.bind((host, port))
    except socket.error as msg:
        print('Socket Binding error: ' + str(msg))

def socket_receive():
    # Never answer: just log the source address and the raw payload of every datagram.
    while True:
        msg = s.recvfrom(1024)
        print('IP: ' + str(msg[1]) + ', DATA: ' + msg[0].decode(encoding='cp1252', errors='ignore'))

def main():
    create_socket()
    bind_socket()
    socket_receive()

main()
Unfortunately, I have to run this on a virtual machine under VirtualBox. I created a port forwarding rule for port 53 on the router, and I think I did it right, because the site "https://canyouseeme.org/" tells me the ISP is not blocking that port. I created a port forwarding rule on the virtual machine so that all traffic on the host's port 53 is redirected to the guest (where my program lives). At least I hope so. I also created a rule in the Windows firewall to allow connections on port 53. Finally, I used iptables to allow incoming traffic on port 53 of the virtual machine. I still get nothing. Maybe I am missing something, maybe I have to use dnslib in Python to "attract" connections. Or I need to configure something more on Windows or on the router. Maybe I am missing some important concept. Why don't I get any connections?
PS C:\WINDOWS\system32> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e0ce:c8f6:a594:f24d%17
IPv4 Address. . . . . . . . . . . : 192.168.56.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Wireless LAN adapter Connessione alla rete locale (LAN)* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Connessione alla rete locale (LAN)* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : domain.name
Link-local IPv6 Address . . . . . : fe80::d03d:c2c9:163e:3eb6%6
IPv4 Address. . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::b239:56ff:fea9:f35e%6
192.168.1.1
Ethernet adapter Connessione di rete Bluetooth 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
PS C:\WINDOWS\system32> netstat -na|findstr 53
TCP 0.0.0.0:53 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5353 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
UDP 0.0.0.0:53 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5355 *:*
UDP 192.168.1.11:5353 *:*
UDP 192.168.56.1:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5355 *:*
UDP [::1]:5353 *:*
UFW on the guest:
diego@diego-VirtualBox:~$ sudo ufw status
[sudo] password di diego:
Stato: attivo
A Azione Da
- ------ --
53 ALLOW Anywhere
19 ALLOW Anywhere
5353 ALLOW Anywhere
123 ALLOW Anywhere
53 (v6) ALLOW Anywhere (v6)
19 (v6) ALLOW Anywhere (v6)
5353 (v6) ALLOW Anywhere (v6)
123 (v6) ALLOW Anywhere (v6)
ifconfig on the guest:
diego@diego-VirtualBox:~$ sudo ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::7059:da6f:6a4a:8f4e prefixlen 64 scopeid 0x20<link>
ether 08:00:27:34:d5:6d txqueuelen 1000 (Ethernet)
RX packets 395 bytes 307669 (307.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 278 bytes 33866 (33.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Loopback locale)
RX packets 35 bytes 3215 (3.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35 bytes 3215 (3.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
iptables on the guest:
diego@diego-VirtualBox:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
The standard way to debug this is with wireshark (https://www.wireshark.org/#download) or another packet sniffer. You can install it on both the Windows host and the guest instance. Assuming your network looks like this:
------------      --------      ---------------------------
|dns client| ---- |router| ---- |win host | guest instance|
------------      --------      ---------------------------
Also, it is best to first debug the DNS client from inside the router's network, to make sure it is actually sending requests to the honeypot. If you are using nslookup or another standard client, you need to make sure you have set the Windows host as the domain controller. For example:
% nslookup
> server 192.168.1.1
Default server: 192.168.1.1
Address: 192.168.1.1#53
>
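The same "check the near end first" idea applied to the listener itself, as an added example that is neither the asker's code nor part of the answer above: it binds an answer-less UDP sink like the one in the question, sends it one constructed DNS query over loopback, and records the source IP together with the transaction ID and queried name parsed from the datagram, rejecting replies, compression pointers and truncated data. The port is chosen by the OS and the query name is a made-up example, so it runs offline; if this passes, the Python side works and the problem lies in the router, VirtualBox or firewall forwarding chain.

```python
import socket
import struct
def build_query(qname, txid=0x1234):
    # Minimal DNS query: header (id, flags=RD, QDCOUNT=1), QNAME labels, QTYPE=A, QCLASS=IN.
    name = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)

def parse_query(data):
    # (txid, qname) for a well-formed query; None for junk, replies or truncated datagrams.
    if len(data) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if flags & 0x8000 or qdcount < 1:
        return None
    labels, pos = [], 12
    while pos < len(data):
        length = data[pos]
        if length == 0:
            return txid, ".".join(labels)
        if length & 0xC0 or pos + 1 + length > len(data):  # compression pointer, or label past the end
            return None
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def make_sink(host, port):
    # Bound UDP socket that is never answered from, like the listener in the question.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    return s

def collect(sock, count):
    # Record (source IP, txid, qname) for `count` datagrams; qname is sender-controlled, so only log it.
    seen = []
    for _ in range(count):
        data, (src_ip, _port) = sock.recvfrom(1024)
        seen.append((src_ip,) + (parse_query(data) or (None, None)))
    return seen

def loopback_selftest(qname="honeypot.example"):
    # Prove the listener itself works on 127.0.0.1 before suspecting the router or VM forwarding.
    sink = make_sink("127.0.0.1", 0)       # port 0: let the OS pick a free port for the test
    sink.settimeout(5)                       # fail loudly instead of hanging if nothing arrives
    port = sink.getsockname()[1]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(build_query(qname), ("127.0.0.1", port))
    seen = collect(sink, 1)
    sink.close()
    return seen
```

For the real honeypot, call make_sink('', 53) and loop over collect() from a process allowed to bind a privileged port.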
If everything works, I would guess that nobody is probing your network at all, or that your ISP has smart intrusion prevention that does not block canyouseeme but does block DNS scans a la netcat.