alphasoc / flightsim

A utility to safely generate malicious network traffic patterns and evaluate controls.
https://alphasoc.com
Other
1.27k stars 134 forks source link

invalid interface being used for DNS queries #39

Closed tg closed 3 years ago

tg commented 3 years ago

flightsim tries to be smart and picks up external interface default for the internet traffic – this works fine for IP traffic simulators, but not necessarily for DNS. We had a situation lately (on AWS VM) where the default interface was in 10.0.0.0/8, but the DNS server was running under 127.0.0.53. As we were binding to 10.x.x.x, the whole DNS traffic was going into oblivion and was not registered by Route53.

We need to solve the problem above plus add some sort of reporting to detect such problems and let user know if DNS queries are not reaching any server.