Beispiel #1
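def handle_packet(nfqueue_element):
    """Issue a verdict for one queued packet, dropping forged DNS answers.

    The payload is parsed as IP/UDP/DNS with dpkt. The name of the first
    A-type question (or None) is stored on ``dns_packet.domain``. When
    contains_wrong_answer() flags the packet it is dropped and a
    'dns hijacking' event is recorded; otherwise it is accepted and
    dns_service_status.last_activity_at is refreshed.

    Args:
        nfqueue_element: queued packet object exposing get_payload(),
            accept() and drop().

    The handler fails open: anything that cannot be parsed or classified is
    accepted, so a malformed packet is never silently black-holed. Once a
    verdict has been issued, a later bookkeeping failure is only logged; it
    must not turn a drop into an accept or issue a second verdict.
    """
    verdict_issued = False
    try:
        ip_packet = dpkt.ip.IP(nfqueue_element.get_payload())
        dns_packet = dpkt.dns.DNS(ip_packet.udp.data)
        questions = [question for question in dns_packet.qd if question.type == dpkt.dns.DNS_A]
        dns_packet.domain = questions[0].name if questions else None
        if contains_wrong_answer(dns_packet):
            # Drop before logging/recording: if the bookkeeping below raises,
            # the forged answer has already been discarded instead of falling
            # through to the fail-open accept() in the except branch.
            # after the fake packet dropped, the real answer can be accepted by the client
            nfqueue_element.drop()
            verdict_issued = True
            LOGGER.debug('drop fake dns packet: %s' % repr(dns_packet))
            # NOTE(review): dns_packet.domain comes straight from the wire;
            # confirm the event sink tolerates arbitrary bytes in it.
            jamming_event.record('%s: dns hijacking' % dns_packet.domain)
            return
        nfqueue_element.accept()
        verdict_issued = True
        dns_service_status.last_activity_at = time.time()
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed by the packet handler.
        LOGGER.exception('failed to handle packet')
        if not verdict_issued:
            nfqueue_element.accept()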
Beispiel #2
def record_jamming_event(ip, event):
    """Log a jamming event for *ip* and pass it to the jamming_event recorder.

    The recorded text is '<domain>: <ip> <event>', where the domain is what
    dns_service.get_domain(ip) returns, or 'unknown.com' when that is falsy.
    The same text is logged at ERROR level with a 'jamming event: ' prefix.
    """
    domain = dns_service.get_domain(ip) or 'unknown.com'
    # NOTE(review): domain, ip and event are interpolated unescaped; if any of
    # them can carry network-supplied bytes, confirm the log and event sinks
    # neutralise control characters.
    message = '%s: %s %s' % (domain, ip, event)
    LOGGER.error('jamming event: %s' % message)
    jamming_event.record(message)