1 Lab Overview
DNS (Domain Name System) is the Internet’s phone book; it translates hostnames to IP addresses (and vice
versa). This translation is done through DNS resolution, which happens behind the scenes. DNS attacks
manipulate this resolution process in various ways, with the intent of misdirecting users to alternative
destinations, which are often malicious. The objective of this lab is to understand how such attacks work.
Students will first set up and configure a DNS server, and then they will try various DNS attacks on a
target that is also within the lab environment.
The difficulties of attacking local victims versus remote DNS servers are quite different. Therefore, we
have developed two labs, one focusing on local DNS attacks, and the other on remote DNS attacks. This lab
focuses on local attacks. This lab covers the following topics:
• DNS and how it works
• DNS server setup
• DNS cache poisoning attack
• Spoofing DNS responses
• Packet sniffing and spoofing
• The Scapy tool
Readings and videos. Detailed coverage of the DNS protocol and attacks can be found in the following:
• Chapter 18 of the SEED Book, Computer & Internet Security: A Hands-on Approach, 2nd Edition,
  by Wenliang Du. See details at https://www.handsonsecurity.net.
• Section 7 of the SEED Lecture, Internet Security: A Hands-on Approach, by Wenliang Du. See details
  at https://www.handsonsecurity.net/video.html.
Lab environment. This lab has been tested on our pre-built Ubuntu 16.04 VM, which can be downloaded
from the SEED website.
2 Lab Tasks (Part I): Setting Up a Local DNS Server
The main focus of this lab is DNS attacks, and our attack target is a local DNS server. Obviously, it
is illegal to attack a real machine, so we need to set up our own DNS server to conduct the attack experiments.
The lab environment needs three separate machines: one for the victim, one for the DNS server, and one
for the attacker. We will run these three virtual machines on one physical machine. All of these VMs will run
our pre-built Ubuntu VM image. Figure 1 illustrates the setup of the experiment environment. For the VM
network setting, if you are using VirtualBox, please use “NAT Network” as the network adapter for
each VM. If you are using VMware, the default “NAT” setting is good enough.
For the sake of simplicity, we put all these VMs on the same network. In the following sections, we
assume that the user machine’s IP address is 10.0.2.18, the DNS Server’s IP is 10.0.2.16 and the attacker machine’s IP is 10.0.2.17. We need to configure the user machine and the local DNS server; for