Skip to content

A DNS packet injection and poisoning detection utility

Notifications You must be signed in to change notification settings

abapat/DNSPoison

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DNSPoison

A DNS packet injection and DNS poisoning detection utility.

DNS Packet Injection: dnsinject [-i interface] [-f hostnames] expression

-i interface: Listen on network device (e.g., eth0). If not specified, dnsinject will select a default interface to listen on. The same interface will be used for packet injection.

-f hostnames: Read a list of IP address and hostname pairs specifying the hostnames to be hijacked. If '-f' is not specified, dnsinject will forge replies for all observed requests with the local machine's IP address as an answer.

is a BPF filter that specifies a subset of the traffic to be monitored.

DNS injection implemented in C for faster runtime and injection purposes.

DNS Poisoning Detection: dnsdetect [-i interface] [-r tracefile] expression

-i interface: Listen on network device (e.g., eth0). If not specified, dnsdetect will select a default interface to listen on.

-r tracefile: Read packets from (tcpdump format).

is a BPF filter that specifies a subset of the traffic to be monitored.

Once an attack is detected, dnsdetect will print to stdout a detailed alert containing a printout of both the spoofed and legitimate responses.

About

A DNS packet injection and poisoning detection utility

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published