Thursday, May 22, 2014

Quantum-DNS trickery

(SIGILL//FVPNS//NOPORN//FORNFCK//MRKLBANG)

I made quantum-dns available in my github.

Its simple to use (non-recursive) DNS server for
IPv4 and IPv6 and also works without having an
IP address assigned to the interface (i.e. it can
answer any DNS query).

Similar to my writeup on QUANTUMINSERT it also contains
a demo FoxAcid script for HTTP. Theoretically it'd also quite easy to make STARTTLS disappear with quantum-dns if its not
enforced on the sender side. While with QUANTUMINSERT
you need to see the TCP sequence# and port, with DNS you
need the XID and port, so it makes entirely sense to
have good passive capabilities for e.g. 3G/4G.
A monitor port on a large peering point is enough capability though.

Thats a sample run from my lab (please forgive me :)




And yes thats trivially to implement, but so is
QUANTUMINSERT which is so easy that I never considered it
an attacking scenario either. It was fun to code though
to get hands on DNS again. For DNSSEC support, you need
to purchase special license. :)


Friday, May 16, 2014

load balancing trickery

After cleaning up the sources a bit and making
sure it compiles on current Linux distros, I uploaded
my old IPv4/IPv6 load balancer to my github.

I started this project in 2004, back in the days
at university. 10 years ago, it was the first load balancer available for IPv6 and in 2006 I finally presented the project at
some balancing conference in Silicon Valley.
(Even though you see some other names of my CS department
there, the whole code is written by me. In academics however
you form research groups and you are not going to rock
the world single-core.)

It works on IP level, so its suitable to balance
SSL/VPN/tor traffic etc too. For IPv4 it has integrated
failover/hotplug support for the backend nodes.