Unfortunately I had already changed it; I just missed your last reply. I carried out all the changes in order, but spoofing does not work.
Here are all the outputs; the REMs also contain a few questions.
§ Inputs
nn@FujAH530:~$ sudo iptables -I INPUT 1 -d 127.0.1.1 -p tcp --dport 53 -j REJECT
[sudo] password for nn:
nn@FujAH530:~$ sudo iptables -I OUTPUT 1 -s 127.0.1.1 -p tcp --sport 53 -j REJECT
REMjoule: I inserted the -p tcp myself, otherwise the terminal gave an error message. Should I have entered -p all instead? Unfortunately the manpage says nothing about whether a list of protocols is permitted and how it would be written (comma or space as separator)?
§ Listing from iptables:
nn@FujAH530:~$ sudo iptables -S INPUT
-P INPUT DROP
-A INPUT -d 127.0.1.1/32 -p tcp -m tcp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
nn@FujAH530:~$ sudo iptables -S OUTPUT
-P OUTPUT ACCEPT
-A OUTPUT -s 127.0.1.1/32 -p tcp -m tcp --sport 53 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
§ The rules entered via ufw (these are of course shown in iptables, just not the other way round):
nn@FujAH530:~$ sudo iptables -S ufw-user-output
-N ufw-user-output
-A ufw-user-output -d 193.169.13.13/32 -j REJECT --reject-with icmp-port-unreachable
§ Excerpt from the tcpdump output:
nn@FujAH530:~$ sudo tcpdump -vvveni any host 127.0.1.1 and port 53
[sudo] password for nn:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
17:48:15.585651 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 29353, offset 0, flags [DF], proto UDP (17), length 82)
127.0.0.1.37156 > 127.0.1.1.53: [bad udp cksum 0xff51 -> 0xde4a!] 15490+ A? soft-start.loop.services.mozilla.com. (54)
17:48:15.601349 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 150: (tos 0x0, ttl 64, id 52228, offset 0, flags [DF], proto UDP (17), length 134)
127.0.1.1.53 > 127.0.0.1.37156: [bad udp cksum 0xff85 -> 0x87b7!] 15490 q: A? soft-start.loop.services.mozilla.com. 2/0/0 soft-start.loop.services.mozilla.com. [4m29s] CNAME soft-start.loop.r53-2.services.mozilla.com., soft-start.loop.r53-2.services.mozilla.com. [2m55s] A 127.25.153.153 (106)
17:48:16.098407 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 64, id 59260, offset 0, flags [none], proto UDP (17), length 98)
127.0.1.1.53 > 127.0.0.1.37156: [udp sum ok] 15490 q: A? soft-start.loop.services.mozilla.com. 1/0/0 soft-start.loop.services.mozilla.com. [1m] A 193.169.13.13 (70)
17:48:42.732512 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 31524, offset 0, flags [DF], proto UDP (17), length 82)
127.0.0.1.47779 > 127.0.1.1.53: [bad udp cksum 0xff51 -> 0xf974!] 63448+ A? soft-start.loop.services.mozilla.com. (54)
17:48:42.737184 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 150: (tos 0x0, ttl 64, id 54534, offset 0, flags [DF], proto UDP (17), length 134)
127.0.1.1.53 > 127.0.0.1.47779: [bad udp cksum 0xff85 -> 0xa319!] 63448 q: A? soft-start.loop.services.mozilla.com. 2/0/0 soft-start.loop.services.mozilla.com. [4m1s] CNAME soft-start.loop.r53-2.services.mozilla.com., soft-start.loop.r53-2.services.mozilla.com. [2m27s] A 127.25.153.153 (106)
17:48:43.245181 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 64, id 19665, offset 0, flags [none], proto UDP (17), length 98)
127.0.1.1.53 > 127.0.0.1.47779: [udp sum ok] 63448 q: A? soft-start.loop.services.mozilla.com. 1/0/0 soft-start.loop.services.mozilla.com. [1m] A 193.169.13.13 (70)
17:48:48.146253 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 85: (tos 0x0, ttl 64, id 32352, offset 0, flags [DF], proto UDP (17), length 69)
127.0.0.1.44832 > 127.0.1.1.53: [bad udp cksum 0xff44 -> 0xe75e!] 9012+ A? safebrowsing.google.com. (41)
17:48:48.161562 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 120: (tos 0x0, ttl 64, id 54574, offset 0, flags [DF], proto UDP (17), length 104)
127.0.1.1.53 > 127.0.0.1.44832: [bad udp cksum 0xff67 -> 0x9d6b!] 9012 q: A? safebrowsing.google.com. 2/0/0 safebrowsing.google.com. [22h41m17s] CNAME sb.l.google.com., sb.l.google.com. [3m8s] A 216.58.211.14 (76)
17:48:48.213075 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 81: (tos 0x0, ttl 64, id 32363, offset 0, flags [DF], proto UDP (17), length 65)
127.0.0.1.41121 > 127.0.1.1.53: [bad udp cksum 0xff40 -> 0x7709!] 45039+ A? clients1.google.com. (37)
17:48:48.231387 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 121: (tos 0x0, ttl 64, id 54581, offset 0, flags [DF], proto UDP (17), length 105)
127.0.1.1.53 > 127.0.0.1.41121: [bad udp cksum 0xff68 -> 0xd9f9!] 45039 q: A? clients1.google.com. 2/0/0 clients1.google.com. [4m54s] CNAME clients.l.google.com., clients.l.google.com. [4m54s] A 216.58.211.14 (77)
17:48:48.361532 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 91: (tos 0x0, ttl 64, id 32394, offset 0, flags [DF], proto UDP (17), length 75)
127.0.0.1.49575 > 127.0.1.1.53: [bad udp cksum 0xff4a -> 0x4e0e!] 30714+ A? safebrowsing-cache.google.com. (47)
17:48:48.361606 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 101: (tos 0x0, ttl 64, id 59983, offset 0, flags [none], proto UDP (17), length 85)
127.0.1.1.53 > 127.0.0.1.44832: [udp sum ok] 9012 q: A? safebrowsing.google.com. 1/0/0 safebrowsing.google.com. [1m] A 193.169.13.13 (57)
17:48:48.361668 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 97: (tos 0x0, ttl 64, id 5884, offset 0, flags [none], proto UDP (17), length 81)
127.0.1.1.53 > 127.0.0.1.41121: [udp sum ok] 45039 q: A? clients1.google.com. 1/0/0 clients1.google.com. [1m] A 193.169.13.13 (53)
17:48:48.381797 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 64, id 54590, offset 0, flags [DF], proto UDP (17), length 126)
127.0.1.1.53 > 127.0.0.1.49575: [bad udp cksum 0xff7d -> 0x9197!] 30714 q: A? safebrowsing-cache.google.com. 2/0/0 safebrowsing-cache.google.com. [22h17m42s] CNAME safebrowsing.cache.l.google.com., safebrowsing.cache.l.google.com. [2m44s] A 216.58.211.46 (98)
17:48:48.463352 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 91: (tos 0x0, ttl 64, id 32410, offset 0, flags [DF], proto UDP (17), length 75)
127.0.0.1.47984 > 127.0.1.1.53: [bad udp cksum 0xff4a -> 0x20c9!] 43894+ A? safebrowsing-cache.google.com. (47)
17:48:48.471667 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 64, id 54600, offset 0, flags [DF], proto UDP (17), length 126)
127.0.1.1.53 > 127.0.0.1.47984: [bad udp cksum 0xff7d -> 0x6452!] 43894 q: A? safebrowsing-cache.google.com. 2/0/0 safebrowsing-cache.google.com. [22h17m42s] CNAME safebrowsing.cache.l.google.com., safebrowsing.cache.l.google.com. [2m44s] A 216.58.211.46 (98)
17:48:48.486271 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 91: (tos 0x0, ttl 64, id 32414, offset 0, flags [DF], proto UDP (17), length 75)
127.0.0.1.39491 > 127.0.1.1.53: [bad udp cksum 0xff4a -> 0x5911!] 37979+ A? safebrowsing-cache.google.com. (47)
17:48:48.494377 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 142: (tos 0x0, ttl 64, id 54601, offset 0, flags [DF], proto UDP (17), length 126)
127.0.1.1.53 > 127.0.0.1.39491: [bad udp cksum 0xff7d -> 0x9c9a!] 37979 q: A? safebrowsing-cache.google.com. 2/0/0 safebrowsing-cache.google.com. [22h17m42s] CNAME safebrowsing.cache.l.google.com., safebrowsing.cache.l.google.com. [2m44s] A 216.58.211.46 (98)
17:48:48.874276 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 107: (tos 0x0, ttl 64, id 38103, offset 0, flags [none], proto UDP (17), length 91)
127.0.1.1.53 > 127.0.0.1.49575: [udp sum ok] 30714 q: A? safebrowsing-cache.google.com. 1/0/0 safebrowsing-cache.google.com. [1m] A 193.169.13.13 (63)
17:48:48.874321 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 107: (tos 0x0, ttl 64, id 37583, offset 0, flags [none], proto UDP (17), length 91)
127.0.1.1.53 > 127.0.0.1.47984: [udp sum ok] 43894 q: A? safebrowsing-cache.google.com. 1/0/0 safebrowsing-cache.google.com. [1m] A 193.169.13.13 (63)
17:48:48.874344 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 107: (tos 0x0, ttl 64, id 60451, offset 0, flags [none], proto UDP (17), length 91)
127.0.1.1.53 > 127.0.0.1.39491: [udp sum ok] 37979 q: A? safebrowsing-cache.google.com. 1/0/0 safebrowsing-cache.google.com. [1m] A 193.169.13.13 (63)
§ REMjoule: Does UDP also have to be enabled in iptables with -p udp?
nn@FujAH530:~$ dig +short twitter.com => REMjoule: shouldn't this actually show 193.169.13.13?
199.16.156.6
199.16.156.70
199.16.156.38
199.16.156.230
§ Unfortunately already changed, see above; it apparently does not work. Nevertheless, here are the requested outputs:
nn@FujAH530:~$ ps aux | grep -i [d]ns
nobody 2424 0.0 0.0 7084 1480 ? S 17:43 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
root 2902 0.0 0.0 4660 2908 ? S 18:00 0:00 /usr/sbin/dnsspoof -i wlan0 -f /etc/hostsfile dst port 53
root 2903 0.0 0.0 4660 2904 ? S 18:00 0:00 /usr/sbin/dnsspoof -i lo -f /etc/hostsfile dst port 53
§
Regards / joule
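The capture in the post shows each query answered twice with the same transaction ID: dnsmasq's genuine answer arrives within milliseconds, dnsspoof's forged answer a few hundred milliseconds later, and the stub resolver keeps whichever comes first. The following script is an added example, not code from the post: it parses tcpdump output of this shape, groups answers by client port and transaction ID, and flags pairs that disagree, reporting which answer won the race. The sample lines are copied from the excerpt above; the function and field names are my own.

```python
"""Flag DNS answers that arrive twice for one query (same client port and txid)
with different A records: the race in the capture above, where dnsmasq's real
answer lands before dnsspoof's forged one. Added example, not the post's code."""
import re

# Sample input: answer lines with their tcpdump header lines, copied verbatim
# from the excerpt in the post (two queries, two competing answers each).
SAMPLE = """\
17:48:15.601349 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 150: (tos 0x0, ttl 64, id 52228, offset 0, flags [DF], proto UDP (17), length 134)
127.0.1.1.53 > 127.0.0.1.37156: [bad udp cksum 0xff85 -> 0x87b7!] 15490 q: A? soft-start.loop.services.mozilla.com. 2/0/0 soft-start.loop.services.mozilla.com. [4m29s] CNAME soft-start.loop.r53-2.services.mozilla.com., soft-start.loop.r53-2.services.mozilla.com. [2m55s] A 127.25.153.153 (106)
17:48:16.098407 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 64, id 59260, offset 0, flags [none], proto UDP (17), length 98)
127.0.1.1.53 > 127.0.0.1.37156: [udp sum ok] 15490 q: A? soft-start.loop.services.mozilla.com. 1/0/0 soft-start.loop.services.mozilla.com. [1m] A 193.169.13.13 (70)
17:48:48.161562 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 120: (tos 0x0, ttl 64, id 54574, offset 0, flags [DF], proto UDP (17), length 104)
127.0.1.1.53 > 127.0.0.1.44832: [bad udp cksum 0xff67 -> 0x9d6b!] 9012 q: A? safebrowsing.google.com. 2/0/0 safebrowsing.google.com. [22h41m17s] CNAME sb.l.google.com., sb.l.google.com. [3m8s] A 216.58.211.14 (76)
17:48:48.361606 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 101: (tos 0x0, ttl 64, id 59983, offset 0, flags [none], proto UDP (17), length 85)
127.0.1.1.53 > 127.0.0.1.44832: [udp sum ok] 9012 q: A? safebrowsing.google.com. 1/0/0 safebrowsing.google.com. [1m] A 193.169.13.13 (57)
"""

TS_RE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) ")  # tcpdump packet header line
# Answer line: "<server>.53 > <client>.<port>: [...] <txid> q: A? <name> ... A <ip> (<len>)"
RESP_RE = re.compile(r"^[\d.]+\.53 > [\d.]+\.(?P<port>\d+): \[[^\]]*\] (?P<txid>\d+)"
                     r" q: A\? (?P<name>\S+) .* A (?P<ip>\d+\.\d+\.\d+\.\d+) \(\d+\)$")


def parse_answers(capture):
    """Return (time_s, client_port, txid, name, ip) for each A answer in the capture."""
    out, ts = [], None
    for line in capture.splitlines():
        if m := TS_RE.match(line):
            h, mi, s = m.groups()
            ts = int(h) * 3600 + int(mi) * 60 + float(s)
        elif (m := RESP_RE.match(line)) and ts is not None:
            out.append((ts, int(m["port"]), int(m["txid"]), m["name"], m["ip"]))
    return out


def find_duplicate_answers(capture):
    """Group answers by (client port, txid) and report groups whose A records differ,
    with the answer that won the race and the delay until the last competing one."""
    groups = {}
    for ts, port, txid, name, ip in parse_answers(capture):
        groups.setdefault((port, txid), []).append((ts, name, ip))
    findings = []
    for (port, txid), answers in groups.items():
        answers.sort()  # earliest first: that is the one the stub resolver keeps
        if len({ip for _, _, ip in answers}) > 1:
            findings.append({"txid": txid, "name": answers[0][1], "first": answers[0][2],
                             "later": [ip for _, _, ip in answers[1:]],
                             "delay_ms": round((answers[-1][0] - answers[0][0]) * 1000)})
    return findings
```

Run against a live `tcpdump -vvvni any port 53` dump, a forged answer that loses the race shows up as a "later" entry with a positive delay, while a forged answer that wins shows up as "first" with the genuine one trailing.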