'''
This program simulates a DNS server.
server = '192.168.160.1'
dns_header = '\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00'
dns_queries = ''
#\x7f\x00\x00\x01 is 127.0.0.1 you can replace it with
dns_answers = '\xc0\x0c\x00\x01\x00\x01'+'\x00\x00\x01\x2c'+'\x00\x04\x7f\x00\x00\x01'
address = (server, 53)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind(address)
while True:
data, addr = s.recvfrom(2048)
print "received from", addr
id = data[0:2]
dns_queries = data[12:]
dns_msg = id+dns_header+dns_queries+dns_answers
s.sendto(dns_msg,addr)
s.close()
This program simulates a DNS server.
'''
一直工作在UDP 53端口,监听DNS请求。收到请求后取出transaction id和query的数据,构造一个DNS响应包。每次返回的IP地址都是127.0.0.1(\x7f\x00\x00\x01)
用于样本分析,触发网络行为。
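# Catch-all DNS responder for sample analysis: every query received on
# UDP/53 is answered with one fixed A record, so that a sample's name
# lookups succeed and its follow-on network behaviour can be observed.
import socket  # needed for the UDP listener below

# Interface to listen on. Keep this on the isolated (host-only) analysis
# network: the responder answers any name for any sender that can reach it.
server = '192.168.160.1'

# Bytes 2..11 of the reply header (the 2-byte transaction ID is copied from
# the query): flags 0x8180 = response, recursion desired + available,
# RCODE 0; QDCOUNT=1, ANCOUNT=1, NSCOUNT=0, ARCOUNT=0.
dns_header = '\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00'
dns_queries = ''
# Answer RR: name = compression pointer to offset 12 (the question name),
# TYPE A, CLASS IN, TTL 300 s, RDLENGTH 4, RDATA 127.0.0.1.
# Replace the last four bytes to hand out a different IPv4 address.
dns_answers = '\xc0\x0c\x00\x01\x00\x01'+'\x00\x00\x01\x2c'+'\x00\x04\x7f\x00\x00\x01'

DNS_HEADER_LEN = 12


def _question_end(packet):
    """Return the offset just past the first question, or None.

    Walks the length-prefixed labels that start right after the 12-byte
    header, then skips QTYPE and QCLASS (2 bytes each). None is returned
    when the name is truncated or uses a length byte above 63 (compression
    pointer / reserved bits), i.e. when the question cannot be delimited.
    """
    raw = bytearray(packet)  # integer indexing on Python 2 str input
    pos = DNS_HEADER_LEN
    while pos < len(raw):
        label_len = raw[pos]
        if label_len == 0:
            end = pos + 1 + 4  # root label + QTYPE + QCLASS
            return end if end <= len(raw) else None
        if label_len > 63:
            return None
        pos += 1 + label_len
    return None


address = (server, 53)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
    s.bind(address)
    while True:
        data, addr = s.recvfrom(2048)
        print "received from", addr
        # A DNS message always carries a full 12-byte header; anything
        # shorter has no transaction ID / question to echo back.
        if len(data) < DNS_HEADER_LEN:
            print "ignored short packet from", addr
            continue
        # QR bit set means the packet is itself a response; replying to
        # responses would let two responders answer each other endlessly.
        if bytearray(data)[2] & 0x80:
            print "ignored non-query packet from", addr
            continue
        txn_id = data[0:2]
        # Echo only the question section. Queries often carry additional
        # records (e.g. an EDNS0 OPT RR) after the question; echoing them
        # would place them where the header's ANCOUNT=1 says the answer is.
        question_end = _question_end(data)
        if question_end is None:
            # Best effort, as before: echo everything after the header.
            dns_queries = data[DNS_HEADER_LEN:]
        else:
            dns_queries = data[DNS_HEADER_LEN:question_end]
        dns_msg = txn_id+dns_header+dns_queries+dns_answers
        s.sendto(dns_msg, addr)
finally:
    # Reached on Ctrl-C or a socket error; the original close() after the
    # infinite loop could never run.
    s.close()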