This shows you the differences between two versions of the page.
isc:labs:08 [2023/12/04 12:20] florin.stancu |
isc:labs:08 [2024/04/22 13:55] (current) florin.stancu [[30p] 2. Iptables] |
||
---|---|---|---|
Line 200: | Line 200: | ||
=== [10p] Task D: DNS blocking === | === [10p] Task D: DNS blocking === | ||
- | * Block access to Facebook by using iptables to block all DNS queries containing "facebook.com". | + | * Block access to Facebook by using iptables to block all [[https://routley.io/posts/hand-writing-dns-messages#question|DNS queries]] containing "facebook.com". |
* **Hint**: The ''string'' iptables module can do packet contents matching (''sudo iptables -m string -help''). But what does a DNS query look like? | * **Hint**: The ''string'' iptables module can do packet contents matching (''sudo iptables -m string -help''). But what does a DNS query look like? | ||
* **Note**: you can supply a hex string parameter with the syntax ''|HH HH HH ...|<plaintext>'' (e.g., ''hello|20 57 6F|rld'') to match binary contents of a packet! Also choose a string matching algorithm! | * **Note**: you can supply a hex string parameter with the syntax ''|HH HH HH ...|<plaintext>'' (e.g., ''hello|20 57 6F|rld'') to match binary contents of a packet! Also choose a string matching algorithm! |