January 16th, 2008, 03:25 PM
anyone familiar with nemesis dns?
I'm generating custom packets to test some IDS rules and using nemesis dns, in this case. The documentation says I can feed it a payload file (which is perfect, 'cause I can then tweak specific things in there that I want to look at) -- but it doesn't say what form the payload file should be in. ascii doesn't seem to be working...
"The payload file can consist of any arbitary data though it will be most useful to create a payload resembling the structure of the DNS packet specified using the command-line options. In order to send real DNS packets, a payload containing the appropriate record data (as specified in the DNS header) must be created manually." -- OK, did that. In fact, took a legitimate DNS query (ascii) and feed it that = malformed packets... according to WireShark.
Other switches for nemesis involve more basic settings, such as: source IP, dest IP, etc.
Other Internet searches come up with a cut-n-paste of the MAN page (gee, thanks!).
Anyone have experience with this?
January 17th, 2008, 07:07 AM
Capture a real dns request and use the data in that packet. The payload should be binary data as it is in a regular request.
Experience is something you don't get until just after you need it.
By Enchantingsylph in forum Newbie Security Questions
Last Post: July 24th, 2006, 07:23 AM
By Lv4 in forum Web Security
Last Post: December 12th, 2003, 01:16 AM
By HONEYIMHOME in forum AntiOnline's General Chit Chat
Last Post: December 4th, 2003, 06:12 PM
By Simo in forum Web Development
Last Post: May 5th, 2003, 06:51 AM
By THEJRC in forum Security Archives
Last Post: January 24th, 2002, 07:28 AM