dns - Is there any way to prevent getaddrinfo from revealing the true IP address of a hostname? -

-

Let's say there is a program that opens the HOSTS file to ensure that it is not being recalculated anywhere. (It wants to connect to www.example.com but ensures that you do not have entry in the HOSTS file).

Instead, you decide to add a DNS entry, so Www.example.com actually indicates 123.123.1.123. So it works.

But then the program becomes clever and calls getaddrinfo to ensure that what is being done on 123.123.1.123. Is there a way to hide this information, or to change the IP address of a given hostname in any alternative way?

Is there a way to create a normal IP for www.example.com for 123.03.1.123?

I think maybe maybe everyone, but I'm wondering what is the better way. Perhaps there is a way to avoid reading the Windows HOSTS file?

Or is there a way to cheat the packet, it seems they come from "www.example.com"? (Assuming I have complete control over acquiring / receiving packets on the software)

Getaddrinfo () Looks for network name proposals from different sources, let's be simple and say that it just looks first in the HOSTS file and then in the DNS server. These are some of the ways that you think "www.example.com" can legally try to trick your smart program into 123.123.1.123 (with increasing complexity):

  1. HOSTS file. As you've already mentioned, the program can easily view this file, so it does not look very promising. HOSTS will not help protecting the file from reading, because then you can solve its name Will not be able to use it.

  2. Using a Local DNS Server How grip can your program get, it can not be easily done - after all we are talking about DNS spoofing. In the simplest case, you can configure this server to be the official DNS server for the "example.com" area, but if you really want to understand (and we're out of the scope of getaddrinfo () ) You may also have some changes in the root server configuration, just to avoid the program to check with some root server or "com" TLD server (I know that this should be done in all configurations Could bind, I do not know about other DNS servers). However, the program can argue that it will not rely on a local DNS server. Even if you did not use "127.0.0.1" but your Network IP, it can detect that the DNS address is owned by the local machine. So let's go a little further.

  3. Using Remote DNS Servers To say a little bit here. Only those you did before, only in an external computer If the program is not ready to accept a DNS from its own network or from any private network (eg, 1920.18.1.x), then you may have to manage it by putting it on public IP. At this point, the program should be exceptionally honest to find a hole in deception. But suppose, and suppose that the IP address of the DNS root servers is hardly coded - it will know that this is a conspiracy! One more step, then again.

  4. Configure the router in the network according to your moves. We are starting to get extreme here, but, that you have complete control over the network, this is the ultimate solution to building that program, which in reality assumes that it is in lawful land, just routes Setup so that root DNS IPs can be mapped to your DNS server. So this is it. Okay?

    Okay?

    Well, surprisingly, some people, though, all of these were just very easy , so they came with, which is basically an extension of the protocol, which is a cryptographic key. Along with the need to sign DNS data. And so the fact is, if this hellish program knows the public key of the valid DNS server and all the petitions need to use DNSSEC, then it can not present all of your efforts to do anything. [/ P]

  5. Steal DNSSEC signing keys from the DNS root server. Okay, I'm afraid I can not really help you, but if you come on it then consider sharing your experiences point.

Comments

Post a Comment

Popular posts from this blog

Pass DB Connection parameters to a Kettle a.k.a PDI table Input step dynamically from Excel -

-
Image
I have a requirement whenever I run my own kettle, dynamically took database connection parameters from an excel source Every run should go. I have an Excel column names: hostname, username, database, password. I want to pass these connection parameters to my table input stage dynamically whenever it runs the job. This is what I was trying to do. You can get it Connection parameters from the DB reading source (for example Excel or a CSV file in my example) < / Li> Store the parameters in the variable Using the variable in your connection's settings. Setting Variables Create another conversion for (you can not do it in the same conversion Uses): set variables element variable: The element that reads / writes your data creates a new connection and sets the connection parameter using $ {variable name_} Note that you will need to type in the field field in the field $ {password} Also keep in mind that this can be a security problem as the
Read more

multithreading - PhantomJS-Node in a for Loop -

-
I am trying to implement a screen-scraps application that opens a URL in which a parameter changes as it is for a loop: var data = [ '100', '101', '102', '103', '104']; (Var indexA = 0; indexA & lt; data.length; indexA ++) for {Phantom Generation ({'port': freeport}, function (pH) {ph.create page (function (page) {page.open ("http: //...++ data [index B] +" ... " , Status {console.log ("open site:" + data [index B], position); / * OLD * / indexB ++; page evaluation (function () {// page scrape and an object Return}, function {console.log (result.dataRequest); // here is the problem}); / * new and fixed * / indexB ++} first console Logs it: Open Site: 100 Success Opens Site: 101 Success B Ola Site: 102 Success Opening Site: 103 Success Opened Site: 104 Success Which is good. Data is verified in scrap HTML and from index to array Matches. So in page 101 I scrap '101 and retrieve' and pu
Read more

c++ - MATLAB .m file to .mex file using Matlab Compiler -

-
I know that it can speak as a very famous topic, but something that helps me with it Not found This scenario is: I have my functions function, no matter what's inside, it's a generic function that may depend on other toolboxes. Does. Has input and output; I want to generate the same myFun.mex function; : Lib myFun This way I get some new files: libmyfun.c libmyfun.dll Libmyfun.exp libmyfun.exports libmyfun .h libmyfun.lib Reading around and I think that Creating a myfun.cpp that is very famous is included: / * gateway function * / zero max function (ent NLHS, MXARRA * PLS [], int NRHS, CONST M Xeray * PHS []) Here is the Variable Deals * / / * code here * /} I have tried to do this and are called Regular of Max Generation: Max ('- v', 'myfun.cpp') But I get many errors, and I should say that my myfun.cpp copy / Paste Function is where I have a lot of doubts ... especially on input / output management. My q
Read more