Proj 13: DNSCurve (15 pts.)

What you need

Purpose

First you'll observe normal DNS traffic, and see how it compromises your privacy by sending domain names over the network in plaintext.

After installing a DNSCurve client, you'll see that some private DNS traffic is now encrypted.

Getting Wireshark

If you don't have it already, download and install Wireshark from this URL. (Scroll to the bottom to find the download links.)

https://www.wireshark.org/

Viewing Normal DNS Traffic

Open Wireshark. On the left side of the screen, click the interface that goes to the Internet (probably "Ethernet") and click Start.

At the top of the Wireshark window, in the Filter: bar, enter this code:

frame contains facebook && dns

Press Enter.

Now Wireshark will only show DNS traffic containing "facebook".

Open a Web browser and go to

facebook.com

Wireshark should show DNS traffic resolving the domain name, as shown below.

From the Wireshark menu bar, click Capture, Stop.

Saving a Screen Image

Make sure Wireshark is visible, showing facebook in the captured packets.

Click on the host machine's desktop.

Press Shift+PrintScrn. That will copy the whole desktop to the clipboard.

Open Paint and paste in the image.

Save the image with the filename "Your Name Proj 13a". Use your real name, not the literal text "Your Name". YOU MUST SUBMIT AN IMAGE OF THE WHOLE DESKTOP TO GET FULL CREDIT!

Privacy Implications

This is pretty nasty--anyone who inspects the network traffic can see what sites each person is visiting anytime.

Monitoring DNS is a common technique used to catch employees doing forbidden Web surfing at work.

To maintain privacy, this traffic should be encrypted, but the DNS protocol doesn't include that option.
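
The Python sketch below is an added example, not part of the original project. It decodes the question section of a DNS query the way a capture tool does, which is why the "frame contains facebook" filter matches. The function names and both sample packets are constructed for illustration, and the opaque sample only stands in for an encrypted datagram; it is not a real encrypted packet.

```python
import struct

def build_query(name, txid=0x1234, qtype=1):
    """Encode a standard recursive DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def read_question(payload):
    """Return (name, qtype) if payload is a plaintext DNS query, else None."""
    if len(payload) < 17:                      # header + root label + type/class
        return None
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:         # QR=1 is a response; expect 1 question
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        label = payload[pos + 1:pos + 1 + n]
        if n > 63 or len(label) != n or not all(0x21 <= b <= 0x7E for b in label):
            return None                        # not a well-formed hostname label
        labels.append(label.decode("ascii"))
        pos += 1 + n
    if pos + 5 > len(payload):                 # need root byte plus QTYPE/QCLASS
        return None
    qtype, _ = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels), qtype

def frame_contains(payload, text):
    """Same byte-substring test as Wireshark's `frame contains` filter."""
    return text.encode("ascii") in payload

# Constructed samples: a plaintext query, and opaque bytes standing in for an
# encrypted resolver datagram (NOT the real encrypted wire format).
PLAIN = build_query("facebook.com")
OPAQUE = bytes((i * 73 + 41) % 256 for i in range(64))

if __name__ == "__main__":
    for label, pkt in (("plaintext", PLAIN), ("opaque", OPAQUE)):
        print(label, read_question(pkt), frame_contains(pkt, "facebook"))
```

Each label of the name is stored as a length byte followed by literal ASCII, so the name is readable to anything on the path without any decoding effort.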

Downloading and Installing a DNSCurve Client

Open a Web browser and go to

https://simplednscrypt.org/

Click the "Download .msi (Installer)" button, as shown below.

Install the software with the default options. After the installation, a "Standard Settings" box appears, as shown below.

You need to make three changes here, as indicated by the blue boxes above.

Adjusting the DNS Resolver Address

Now you need to tell your computer to use the DNSCurve process, which is listening on UDP port 53 on localhost.

Click Start. Type "NETWORK AND SHARING". Open "Network and Sharing Center". In the top left, click "Change adapter settings". (Note: On some Windows versions, this link is labelled "Manage network connections" instead.)

Right-click the adapter that connects to the Internet and click Properties, as shown below.

In the "Ethernet Properties" box, scroll down and double-click "Internet Protocol Version 4 (TCP/IPv4)", as shown below.

In the "Internet Protocol Version 4 (TCP/IPv4) Properties" sheet, in the lower section, select "Use the following DNS server addresses" and enter a "Preferred DNS server" of 127.0.0.1, as shown below.

Click OK. Click OK.

Restarting Packet Capturing

In Wireshark, from the menu bar, click Capture, Start. Click "Continue without Saving".

At the top of the Wireshark window, in the Filter: bar, enter this code:

frame contains kitten && dns

Press Enter.

Now Wireshark will only show DNS traffic containing "kitten".

Open a Web browser and go to

kittenwar.com

The Web page opens, but Wireshark doesn't find any kitten-related DNS packets, as shown below.

From the Wireshark menu bar, click Capture, Stop.

Viewing DNSCurve Packets

At the top of the Wireshark window, in the Filter: bar, enter this code:

udp.port == 443

Press Enter.

Wireshark now shows the DNSCurve packets, as shown below. The domain names are encrypted and unreadable.

In the middle pane of Wireshark, the layer 4 line should show "User Datagram Protocol" and either a "Src Port" or "Dst Port" of 443, as shown below.

Saving a Screen Image

Make sure Wireshark's center pane is visible, showing "User Datagram Protocol" and either a "Src Port" or "Dst Port" of 443.

Click on the host machine's desktop.

Press Shift+PrintScrn. That will copy the whole desktop to the clipboard.

Open Paint and paste in the image.

Save the image with the filename "Your Name Proj 13b". Use your real name, not the literal text "Your Name". YOU MUST SUBMIT AN IMAGE OF THE WHOLE DESKTOP TO GET FULL CREDIT!

Turning in your Project

Send the image to: cnit.120@gmail.com with a subject line of "Proj 13 From Your Name", replacing Your Name with your own first and last name. Send a Cc to yourself.


Posted 10-9-15 by Sam Bowne