CNIT 40 Proj 3x: Source Port Randomization on Linux (10 pts.)

What You Need for This Project

Purpose

Examine a Linux DNS server to see if it randomizes source ports during recursive lookups.

Start Your DNS Server

Start VMware Player and run the Linux server you prepared previously.

Testing your DNS Server

In a Terminal window, execute the following command:
netstat -an | grep :53
Your server should show processes listening on both TCP and UDP ports 53, as shown below.

In a Terminal window, execute the following command:

dig @127.0.0.1 ccsf.edu
This looks up ccsf.edu using your local recursive resolver.

You should see a non-authoritative answer of 147.144.1.212, as shown below.

Start Wireshark

Open a new Terminal window and execute the following command:
wireshark
A box pops up saying 'Running as user "root" and group "root" could be dangerous'.

We laugh at danger. Click OK.

On the left side, click your eth0. Click Start.

In the "Filter" bar, type dns and press Enter.

Performing Three Recursive Queries

In a Terminal window, execute the following commands.

dig @127.0.0.1 attack.samsclass.info

dig @127.0.0.1 fog.ccsf.edu

dig @127.0.0.1 ftp.ccsf.edu

Wireshark should show many DNS queries and responses, as shown below.

Observing Source Ports

In Wireshark, click Capture, Stop.

Look in the Info column, on the right side, and click a "Standard query..." packet.

In the middle pane, expand the "User Datagram Protocol..." line.

Right-click "Source port..." and click "Apply as Column", as shown below.

If necessary, scroll up until you find several "Standard query" packets. The Source Port for each packet should be visible as a column.

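On Kali Linux, the ports are random, as shown below (ignore the port 53 values). Random ports are much more secure, making cache poisoning very difficult: a forged response is accepted only if it arrives on the same port the query was sent from, so an attacker who cannot see the query has to guess that port as well.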
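The same check can be scripted instead of read off the Wireshark column. The following is an added example, not part of the original project: it takes "source port, destination port" pairs exported from the capture, drops the port 53 reply values, and reports whether the resolver's query ports look fixed, sequential, or randomized. The capture file name, the sample rows, and the function names are constructed for illustration.

```python
# Added example (not from the original lab): classify the UDP source ports a
# resolver uses for its outbound queries. Input rows are "srcport<TAB>dstport",
# which can be exported from a saved eth0 capture with, for example:
#   tshark -r capture.pcap -Y dns -T fields -e udp.srcport -e udp.dstport
# (capture.pcap is a placeholder name.)

def query_source_ports(lines):
    """Return source ports of packets sent TO port 53, ignoring replies."""
    ports = []
    for line in lines:
        fields = line.split()
        if len(fields) != 2 or not all(f.isdigit() for f in fields):
            continue  # blank row, DNS over TCP (no UDP ports), or junk
        src, dst = int(fields[0]), int(fields[1])
        if dst == 53 and src != 53:  # src 53 is a reply: "ignore the port 53 values"
            ports.append(src)
    return ports

def classify(ports):
    """Heuristic verdict: 'insufficient', 'fixed', 'sequential' or 'randomized'."""
    if len(ports) < 2:
        return "insufficient"  # the lab asks for at least two queries
    if len(set(ports)) == 1:
        return "fixed"  # every query left from the same port
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < s <= 2 for s in steps):
        return "sequential"  # next port is trivially predictable
    return "randomized"  # no obvious pattern in this sample

# Constructed sample rows, not real capture data.
SAMPLE_RANDOM = ["40123\t53", "53\t40123", "18877\t53", "53\t18877", "61002\t53"]
SAMPLE_FIXED = ["32768\t53", "53\t32768", "32768\t53", "53\t32768"]
SAMPLE_SEQUENTIAL = ["1025\t53", "53\t1025", "1026\t53", "1027\t53"]

if __name__ == "__main__":
    for name, rows in [("random", SAMPLE_RANDOM),
                       ("fixed", SAMPLE_FIXED),
                       ("sequential", SAMPLE_SEQUENTIAL)]:
        ports = query_source_ports(rows)
        print(name, ports, "->", classify(ports))
```

A "randomized" verdict from a handful of queries only means no pattern was visible; capture more queries before drawing a firm conclusion.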

Saving a Screen Image

Make sure Wireshark shows the Source Port for at least two "Standard query" packets. The ports will probably be random, but if you have a really old version of BIND, they might all be the same.

Click the taskbar at the bottom of your host computer's desktop, to make the host machine listen to the keyboard, instead of the virtual machine.

Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole desktop to the clipboard.

YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!

On the host machine, not the virtual machine, click Start.

Type mspaint into the Search box and press the Enter key.

Click in the untitled - Paint window, and press Ctrl+V on the keyboard. The desktop appears in the Paint window.

In the upper left corner of the "untitled - Paint" window, click the little blue square icon (it looks like a floppy disk, something people used to use long ago--you might never have seen one).

Save the document with the filename "YOUR NAME Proj 3x", replacing "YOUR NAME" with your real name.

Turning In Your Project

Email the image to me as an attachment to an e-mail message. Send it to: cnit.40@gmail.com with a subject line of "Proj 3x From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.


Last modified 4:47 pm 10-8-13