CIPSoftware

Forum Replies Created

Viewing 4 posts - 1 through 4 (of 4 total)
  • in reply to: Redirect after filter on packets #5841
    CIPSoftware
    Participant

      Well, I’ve ‘crafted’ a correct dns request packet but the following problem occurs.

      Modifying the DNS request is done by altering the domain name together with altering the length of the UDP and IP packets (including calculation of the checksums). This should be OK, otherwise redirected packets which are smaller would not work either.

      Logging the packets with Ethereal shows that:

      1) if the new packet is smaller than the original (shorter domain name) the request is ‘valid’
      2) if the new packet is larger than the original I get ‘malformed packet’

      What am I doing wrong here? Ethereal shows that the length of the frame is not altered (xx bytes on wire, xx bytes captured); should I modify this too? And if so … how can I do that?
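The procedure described in the post above (replace the question name, adjust the IP and UDP lengths, recompute both checksums), as an added example in C that is not code from the thread or from WinpkFilter. The function name `rewrite_dns_qname`, the sample frame and its addresses are constructed for illustration; it assumes an unfragmented Ethernet II/IPv4/UDP query with one uncompressed question, and it returns the new frame length so the caller can update whatever per-packet length field its capture buffer carries (an assumption about the surrounding API, which the posts do not show).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { ETH = 14 };  /* assumed layout: Ethernet II, IPv4, UDP, DNS query with one question */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* RFC 1071 Internet checksum over n bytes, continued from the partial sum s. */
static uint16_t csum(const uint8_t *p, size_t n, uint32_t s) {
    for (; n > 1; p += 2, n -= 2) s += rd16(p);
    if (n) s += (uint32_t)p[0] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}
/* Rewrites the question name in place; returns the new frame length, or 0 if left unchanged. */
size_t rewrite_dns_qname(uint8_t *f, size_t len, size_t cap, const char *name) {
    if (len < ETH + 20 || rd16(f + 12) != 0x0800 || (f[ETH] >> 4) != 4 || f[ETH + 9] != 17) return 0;
    size_t ihl = (f[ETH] & 15u) * 4, udp = ETH + ihl, q = udp + 8 + 12;  /* UDP and DNS headers */
    size_t end = ETH + rd16(f + ETH + 2), oldl = 0, newl = 0;
    if (ihl < 20 || end > len || q >= end || (rd16(f + ETH + 6) & 0x3fff)) return 0;  /* no fragments */
    while (q + oldl < end && f[q + oldl] && f[q + oldl] < 64) oldl += f[q + oldl] + 1u;
    if (q + oldl >= end || f[q + oldl]) return 0;    /* truncated name or compression pointer */
    oldl++;                                          /* root label byte */
    uint8_t enc[256];
    for (const char *s = name; *s; s += (*s == '.')) {   /* "a.b" -> length-prefixed labels */
        size_t l = strcspn(s, ".");
        if (l == 0 || l > 63 || newl + l + 2 > 255) return 0;
        enc[newl++] = (uint8_t)l; memcpy(enc + newl, s, l); newl += l; s += l;
    }
    enc[newl++] = 0;
    size_t nend = end - oldl + newl, ulen = nend - udp;
    if (nend > cap) return 0;                        /* the grown packet must fit the buffer */
    memmove(f + q + newl, f + q + oldl, end - q - oldl);  /* shift QTYPE/QCLASS */
    memcpy(f + q, enc, newl);
    wr16(f + ETH + 2, nend - ETH); wr16(f + udp + 4, ulen);  /* IP total length, UDP length */
    wr16(f + ETH + 10, 0); wr16(f + ETH + 10, csum(f + ETH, ihl, 0));
    wr16(f + udp + 6, 0);                            /* UDP sum: pseudo-header + segment */
    uint32_t ps = rd16(f + 26) + rd16(f + 28) + rd16(f + 30) + rd16(f + 32) + 17u + (uint32_t)ulen;
    uint16_t c = csum(f + udp, ulen, ps);
    wr16(f + udp + 6, c ? c : 0xffff);
    return nend;
}
/* Constructed sample: 66-byte query for "a.test", checksums zero, buffer has room to grow. */
uint8_t sample[128] = { 2,0,0,0,0,2, 2,0,0,0,0,1, 8,0,            /* Ethernet II */
    0x45,0,0,52, 0,1,0,0, 64,17,0,0, 192,0,2,10, 192,0,2,53,       /* IPv4, total length 52 */
    0xc0,0, 0,53, 0,32, 0,0, 0x12,0x34, 1,0, 0,1, 0,0, 0,0, 0,0,   /* UDP length 32, DNS header */
    1,'a', 4,'t','e','s','t', 0, 0,1, 0,1 };                       /* QNAME, QTYPE A, QCLASS IN */
int main(void) {
    size_t n = rewrite_dns_qname(sample, 66, sizeof sample, "filter.example.test");
    printf("frame %zu, IP total %u, UDP length %u\n", n, (unsigned)rd16(sample + 16), (unsigned)rd16(sample + 38));
}
```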

      in reply to: Redirect after filter on packets #5839
      CIPSoftware
      Participant

        Thank you serpentfly for your great support.

        But … I’m just a little bit stuck on the altering of packets. As I stated earlier I now do have access to the udp/dns packet.

        When I ‘overwrite’ the DNS packet, can I do this within the already allocated buffer (by WinpkFilter) OR do I need to create a totally new buffer? If so, I do not have a clue how … do you have an example?

        After altering the udp/dns packet I have to change the length of the UDP, TCP/IP packet too … is this correct ?

        I could also wait on the response dns and change the IP address of the dns-answer packet. Is this easier to do ?

        Thanks

        in reply to: Redirect after filter on packets #5837
        CIPSoftware
        Participant

          After some struggling with the redirect of the packets (and it works) I am certain now I need to parse the DNS and modify the record to redirect the user. This is because filtering (and redirecting) on IP address is not failsafe. A domain name can have more IP addresses …

          I’ve succeeded in getting to the DNS request structure from the send packet.

          I’m not so lucky in altering the packet; this is logical because the redirect packet is greater in size than the original. This is where I get stuck.

          I think I need to create a totally new packet with the correct DNS data. When I filter a packet which has to be redirected I copy the packet (except for the DNS), modify the etherheader size, ip-size and recalc the IP-,TCP- and UDP checksums …

          Is that the correct way ? and … if you could please assist me do you have some example code to create a new packet ?

          Many thanks

          in reply to: Redirect after filter on packets #5835
          CIPSoftware
          Participant

            Sorry for my late response …

            thanx for this because it works like a charm 😀

            But … what happens if the client uses a proxy … can I use the same method ?
