Networking: Routing Table Manipulation | DNS Spoofing
Task: Create a setup so that you can ping Google but are not able to ping Facebook from the same system.
Solution: There are multiple ways in which we can manipulate our device so that it can ping/connect to everything except Facebook, or so that it can only connect to Google. Today we are going to cover two such ways of completing our task… The following are the methods I used to achieve the goal:
- Through Manipulation of the routing table.
- DNS spoofing locally using the internal hosts.
The How: To connect two places via computer networking, the basic requirements are as follows:
1. An OS and a device to run the OS on, on both sides, i.e. a computer with an OS of choice. In our case the two devices are the client (us with our computer) and the server computer (Google/Facebook and their server systems), and the OS of my choice for this task is RHEL8.
2. A NIC, which I assume you have since you are using the internet; the same applies to them (Google/Facebook).
3. An Internet Protocol, i.e. a set of agreed-upon rules for communication between two parties. We are going to use IPv4 for our operation.
4. A connection on the physical layer via cables, routers, switches etc. between us and them (Google/Facebook).
5. Us and them (Google/Facebook) must be in a single network.
6. IP addresses. Since our operation is taking place on the internet, we will use public IPs. On our end this is done automatically through SNAT (Source Network Address Translation), and on their end they again take care of translating their public IP to a private one.
Points 4 and 5 can be achieved with the help of an internet provider.
Now, to disrupt the connection between us and them (Facebook), we can manipulate any of the required building blocks.
Solution 1.) By manipulating the routing table we can disconnect the network between the two parties. This is done by making our system refuse to route traffic towards their addresses, so no packets are handed to the gateway; this breaks requirement 4, the path between us and them.
Routing Table: a table in a router or network host that stores the routes for each destination network or network range.
The above snippet shows (under the heading ‘Kernel IP routing table’) that we are connecting to the internet (0.0.0.0) through a Gateway with IP 192.168.29.1, the Genmask is 0.0.0.0, i.e. the prefix length is 0, and the interface (Iface) for this is enp0s3. Further below we had successful pings with both facebook.com and google.com, as both pings had 0% packet loss for whatever number of packets the ping was run.
Now, through some research, I found out that most of Facebook’s public IP addresses are in the range 18.104.22.168–22.214.171.124 (Nice!), i.e. 126.96.36.199/8, so rejecting the connection for all the IPs in this range will result in a connection failure for Facebook. To do this we could delete the 0.0.0.0 route and add routes for every range except 188.8.131.52–184.108.40.206, but that requires a lot of calculation, and in binary too ⊙﹏⊙∥. Instead we can use another way: the reject option of the route add command.
Hence we can add a reject for any range or for a single host destination, and the result is a reject rule added to our routing table (the second rule). The second rule, the one with no Gateway and no interface, is the rule added by running the command.
Now let’s try pinging…
Hence it is clear that the route for Facebook is rejected; we can even try to connect via the browser…
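To make the effect of a reject rule concrete, here is an added example (my own code, not from the original post) that parses a `route -n` style table and performs the same longest-prefix lookup the kernel does, so you can see why one destination is rejected while the default route still serves everything else. The table is constructed: the gateway 192.168.29.1 and interface enp0s3 come from the post, the rejected network 203.0.113.0/24 and the test addresses are documentation ranges standing in for Facebook’s real ranges, and the reject line has the form net-tools prints after `route add -net <network> netmask <mask> reject` (Flags `!`, no Gateway, no Iface).

```python
"""Longest-prefix lookup over a `route -n` style table, flagging reject routes."""
import ipaddress

# Constructed sample of `route -n` output: a default route via the home gateway,
# the directly connected LAN, and a reject route added with
# `route add -net 203.0.113.0 netmask 255.255.255.0 reject`.
# 203.0.113.0/24 is a documentation range used as a stand-in for a real site's range.
SAMPLE_ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.29.1    0.0.0.0         UG    100    0        0 enp0s3
192.168.29.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
203.0.113.0     -               255.255.255.0   !     0      -        0 -
"""


def parse_route_table(text):
    """Return a list of route dicts from `route -n` output (header lines skipped)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the title line, the column header and anything that is not a full row.
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue
        dest, gateway, genmask, flags = parts[0], parts[1], parts[2], parts[3]
        # ipaddress accepts a dotted netmask after the slash; strict=False tolerates host bits.
        network = ipaddress.ip_network(f"{dest}/{genmask}", strict=False)
        routes.append({
            "network": network,
            "gateway": None if gateway in ("0.0.0.0", "-") else gateway,
            "reject": "!" in flags,          # the reject flag printed by net-tools
            "iface": parts[7],
        })
    return routes


def lookup(routes, ip):
    """Longest-prefix match: the most specific matching route wins, as in the kernel."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r["network"].prefixlen)


def describe(routes, ip):
    """Human-readable verdict for a destination: reject, via gateway, or direct."""
    r = lookup(routes, ip)
    if r is None:
        return "unreachable (no route)"
    if r["reject"]:
        return f"reject ({r['network']})"
    if r["gateway"]:
        return f"via {r['gateway']} on {r['iface']}"
    return f"direct on {r['iface']}"


if __name__ == "__main__":
    table = parse_route_table(SAMPLE_ROUTE_TABLE)
    for ip in ("203.0.113.7", "198.51.100.1", "192.168.29.1"):
        print(ip, "->", describe(table, ip))
```

The /24 reject entry is more specific than the /0 default route, so it wins for 203.0.113.7 and the kernel never forwards the packet to the gateway; every other public address still falls through to the default route, which is exactly the behaviour the ping tests above show. The same check can be run against a live `route -n` dump to audit which destinations a host has been configured to refuse.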
Solution 2.) Since we are using the domain names of Facebook (facebook.com) and Google (google.com) for pinging, each name is first resolved by some DNS server into an IP before any connection request is sent their way. So another way to disrupt the connection is to prevent our system from obtaining the server’s real IP address.
Note in the snippet above how facebook.com is translated to 220.127.116.11 while google.com is translated to 18.104.22.168. We can create a sort of DNS poisoning so that the name is translated to some wrong IP, say 192.168.29.4. Let’s first check what happens when we ping that address directly.
Note the error Destination Host Unreachable: this is because no such host (a host with IP address 192.168.29.4) exists.
Now, to poison our DNS I am going to use a very simple way: providing the wrong IP for the host name facebook.com in the local hosts file, i.e. using the hosts file to map the hostname facebook.com to 192.168.29.4. Since that file is checked before DNS resolution, this creates a pseudo DNS poisoning.
Now let’s do a ping test…
Hence our connection has failed successfully \(@^0^@)/…
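The hosts-file trick works because name lookup consults the hosts file before DNS. The following added example (my own code, not from the original post) simulates that precedence and then audits the hosts file the way a defender would, flagging entries that shadow a public name or point it at a non-routable address. It assumes the usual `hosts: files dns` lookup order from nsswitch.conf and uses a constructed `/etc/hosts` containing the facebook.com → 192.168.29.4 entry from the post; the DNS answers are a constructed stand-in dictionary using documentation-range addresses, not the sites’ real IPs.

```python
"""Simulate hosts-file precedence over DNS and audit a hosts file for overrides."""
import ipaddress

# Constructed /etc/hosts in which facebook.com has been pointed at an
# unreachable LAN address, as in the experiment above. Comments and blank
# lines are part of the format and must be ignored by the parser.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost6

# added for the experiment: pseudo DNS poisoning
192.168.29.4  facebook.com www.facebook.com
"""

# Constructed stand-in for the answers a real DNS resolver would return
# (documentation-range addresses, not the sites' real IPs).
SAMPLE_DNS = {
    "facebook.com": "203.0.113.10",
    "www.facebook.com": "203.0.113.10",
    "google.com": "198.51.100.20",
}


def parse_hosts(text):
    """Map each hostname (case-insensitive) to its address; the first entry wins."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping


def resolve(name, hosts, dns):
    """Resolve like `hosts: files dns`: the hosts file is consulted before DNS."""
    key = name.lower()
    if key in hosts:
        return hosts[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, "nxdomain"


def audit_hosts(hosts, dns):
    """Flag hosts entries that shadow a public name or map it to a non-routable IP."""
    findings = []
    for name, ip in hosts.items():
        if name.startswith("localhost"):      # the normal loopback entries are expected
            continue
        addr = ipaddress.ip_address(ip)
        reasons = []
        if name in dns and dns[name] != ip:
            reasons.append(f"overrides DNS answer {dns[name]}")
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            reasons.append("points a non-local name at a non-routable address")
        if reasons:
            findings.append((name, ip, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for site in ("facebook.com", "google.com"):
        print(site, "->", resolve(site, hosts, SAMPLE_DNS))
    for name, ip, why in audit_hosts(hosts, SAMPLE_DNS):
        print(f"SUSPICIOUS {name} -> {ip}: {why}")
```

Running it shows facebook.com answered from the hosts file with 192.168.29.4 while google.com still comes from DNS, and the audit reports both Facebook names as overridden. Comparing hosts entries against an independent DNS answer is a cheap check to run on endpoints, since a hosts-file override is one of the simplest ways for malware to redirect a site, and it leaves no trace in DNS logs.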
Solution 2 shows how dangerous DNS poisoning can be: instead of a non-existent IP address, if someone were to host a copy of Facebook on their own system, a user could be phished if they aren’t careful. Hence it is necessary to always look for https before entering any credentials, as it is much more secure and requires authentic certificates and certificate checks. Such attacks are nevertheless very much possible and have become prevalent in recent years. Entering credentials over an open hotspot or WiFi poses the same threat and is hence highly not recommended.
Task Completed Successfully (⌐■_■)!!!🎉🐱🏍✔
Thank you for reading!!!😁 I hope you enjoyed it… You are awesome!!!