Tinydile closed 6 years ago
Hi, you are right, the DNS server side expects to receive only requests from the DNSExfiltrator client side with the appropriate type and formatting.
I will add some further verification on the request type before handling it.
Stay tuned.
Just pushed a version with type verification prior to handling the request.
Though I admit there should be more checks on the format of the request received, just in case the script receives a TXT request (QType=16) from another client, not properly formatted. I'll do that later, no time today.
Hi, thank you for your quick action. Yes, this time it looks like it works well so far. Thanks!
Hello, thank you for your fantastic work! I found that sometimes the server dies, and believed that it is because of receiving bogus DNS data such as:
[1] DNS requests which are generated by others
[2] Duplicated DNS record
For example, I saw the following:
The tcpdump is here:
In this case, the DNS records that start with "ns1" and "ns2" seem to trigger the error. So I added the following:
But it should not be enough ...