beautypg.com

Dns spoofing – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 84

background image

73

DNS spoofing

Figure 29 Application of DNS spoofing

DNS spoofing is applied to the dial-up network, as shown in

Figure 29

.

The device connects to the PSTN/ISDN network through a dial-up interface and triggers the
establishment of a dial-up connection only when packets are to be forwarded through the dial-up

interface.

The device serves as a DNS proxy and is specified as a DNS server on the hosts. After the dial-up
connection is established through the dial-up interface, the device dynamically obtains the DNS

server address through DHCP or other autoconfiguration mechanisms.

Without DNS spoofing enabled, the device forwards the DNS requests received from the hosts to the
DNS server, if it cannot find a match in the local domain name resolution table. However, without any

dial-up connection established, the device cannot obtain the DNS server address and cannot forward or

answer the requests from the clients. The domain name cannot be resolved and no traffic triggers the

establishment of a dial-up connection.
DNS spoofing can solve the problem. DNS spoofing enables the device to reply the DNS client with a

configured IP address when the device does not have a DNS server address or route to a DNS server.

Subsequent packets sent by the DNS client trigger the establishment of a dial-up connection with the

network.
In the network of

Figure 29

, a host accesses the HTTP server in following these steps.

1.

The host sends a DNS request to the device to resolve the domain name of the HTTP server into an
IP address.

2.

Upon receiving the request, the device searches the local static and dynamic DNS entries for a
match. If no match is found and the device does know the DNS server address, the device spoofs

the host by replying a configured IP address. The TTL of the DNS reply is 0. Note that the device

must have a route to the IP address with the dial-up interface as the outgoing interface.

3.

Upon receiving the reply, the host sends an HTTP request to the replied IP address.

4.

When forwarding the HTTP request through the dial-up interface, the device establishes a dial-up

connection with the network and dynamically obtains the DNS server address through DHCP or
other autoconfiguration mechanisms.

5.

When the DNS reply ages out, the host sends a DNS request to the device again.

6.

Then the device operates the same as a DNS proxy. For more information, see “

Operation of a

DNS proxy

.”

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: