Open dacelbot opened 3 years ago
Hi, Thanks! I'm glad you enjoyed it :)
Just to make sure - did the ARP spoofing attack work? It looks like you don't get the DNS response back from the DNS service.
You can test it by running the tool just until line 164 in the "main" function (it'll run only the arp spoofing part).
After you do that, access the victim pod and make sure the MAC address of the cni0 device is actually the MAC address of the attacker's pod. Use arp -a to see the ARP table.
Thanks for your reply. It appears the ARP spoofing attack is working; I commented out everything after line 164 and ran the script up to that point, running arp -a before and after on the target pod. After the script prints "Sending spoofed ARP responses", arp -a on the target reports that the gateway IP is at the same MAC address as the attacker pod, rather than its actual MAC.
Thanks for your research on this topic, it's quite interesting. When attempting to reproduce the test in an Azure Kubernetes System lab cluster, I don't seem to be intercepting any DNS packets. I keep getting an error where the packets sniffed by the script don't have a DNS layer; specifically, in the function build_req_struct() I get an exception on line 76:
if str(packet['DNS Question Record'].qname) == DOMAINNAME + '.':
If I put in a try/except block and print the exception, the exception is 'Layer [DNS Question Record] not found', which makes sense, as if I print the packet's contents, the ones sniffed have an Ethernet, IP and TCP layer, but nothing for DNS. Am I doing something wrong here (likely), or is this an issue with the script?
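The before/after arp -a comparison described in this thread can also be automated as a detection check on a pod. The following is an added example, not code from the tool or from any participant in the thread; the sample arp -a output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a pod (all addresses are made up).
BEFORE = """\
? (10.244.0.1) at 0a:58:0a:f4:00:01 [ether] on eth0
? (10.244.0.7) at 0a:58:0a:f4:00:07 [ether] on eth0
? (10.244.0.9) at <incomplete> on eth0
"""
AFTER = """\
? (10.244.0.1) at 0a:58:0a:f4:00:07 [ether] on eth0
? (10.244.0.7) at 0a:58:0a:f4:00:07 [ether] on eth0
? (10.244.0.9) at <incomplete> on eth0
"""

# Matches "(ip) at mac"; unresolved "<incomplete>" entries do not match.
ENTRY = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)

def parse_arp(text):
    """Return {ip: mac} for every resolved entry in `arp -a` output."""
    return {m["ip"]: m["mac"].lower() for m in ENTRY.finditer(text)}

def arp_findings(before, after, gateway_ip):
    """Compare two ARP snapshots and report signs of a poisoned cache."""
    old, new = parse_arp(before), parse_arp(after)
    findings = []
    # Indicator 1: the gateway's MAC differs between the two snapshots.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(
            ("gateway_mac_changed", gateway_ip, old[gateway_ip], new[gateway_ip])
        )
    # Indicator 2: one MAC now answers for several IPs (a hint, not proof).
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", mac, tuple(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in arp_findings(BEFORE, AFTER, "10.244.0.1"):
        print(finding)
```
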