|
-
January 16th, 2008, 04:25 PM
#1
 anyone familiar with nemesis dns?
I'm generating custom packets to test some IDS rules and using nemesis dns, in this case. The documentation says I can feed it a payload file (which is perfect, 'cause I can then tweak specific things in there that I want to look at) -- but it doesn't say what form the payload file should be in. ascii doesn't seem to be working...
MAN says:
"The payload file can consist of any arbitary data though it will be most useful to create a payload resembling the structure of the DNS packet specified using the command-line options. In order to send real DNS packets, a payload containing the appropriate record data (as specified in the DNS header) must be created manually." -- OK, did that. In fact, took a legitimate DNS query (ascii) and feed it that = malformed packets... according to WireShark.
Other switches for nemesis involve more basic settings, such as: source IP, dest IP, etc.
Other Internet searches come up with a cut-n-paste of the MAN page (gee, thanks!).
Anyone have experience with this?
Thanks!
Cheers,
~m
-
January 17th, 2008, 08:07 AM
#2
Capture a real dns request and use the data in that packet. The payload should be binary data as it is in a regular request.
Oliver's Law:
Experience is something you don't get until just after you need it.
Similar Threads
-
By Enchantingsylph in forum Newbie Security Questions
Replies: 7
Last Post: July 24th, 2006, 07:23 AM
-
By Lv4 in forum Web Security
Replies: 4
Last Post: December 12th, 2003, 02:16 AM
-
By HONEYIMHOME in forum AntiOnline's General Chit Chat
Replies: 5
Last Post: December 4th, 2003, 07:12 PM
-
By Simo in forum Web Development
Replies: 3
Last Post: May 5th, 2003, 06:51 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote