Initially fighting against DNS leaks, for both knowledge and privacy, I end up with a computer that asks the FAI box for a local address located outside of its scope (another network)... I've spent hours trying to understand the reasons for that.
What I want is for wlan1 to check if the IP is in its scope, or (if a hostname is provided) to check with dnsmasq whether the hostname exists and, in this case, resolve it and tell me it can't proceed. Instead, wlan1 continues the check and asks the FAI box...
Parts of the network:
- a main computer
- an eeePC, running my Web developments
- a FreeBox that gives me access to the internet
- The eeePC is not connected to the FreeBox
- The main computer is connected to the FreeBox (wlan1)
- The main computer is connected to the eeePC (eth1)
- The main computer runs DnsMasq on :53
First I set eth1 to be static:
auto eth1
iface eth1 inet static
address 192.168.1.42
netmask 255.255.255.0
network 192.168.1.0
Second I removed, --purged and finally removed manually (because it was not well done) everything that was related to the resolvconf package.
Third I've chattr +i /etc/resolv.conf. The file contains:
nameserver localhost
nameserver 84.200.69.80 84.200.70.40
And I've added the strict-order directive to /etc/dnsmasq.conf.
Finally I connected to the wifi, which is WEP secured:
wlan1 IEEE 802.11bgn ESSID:"***************"
Mode:Managed Frequency:2.417 GHz Access Point: ******
Bit Rate=9 Mb/s Tx-Power=16 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:**********
Power Management:off
Link Quality=40/70 Signal level=-70 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:132 Missed beacon:0
IP of wlan1 is 192.168.0.26 (DHCP obtained); the eeePC has a static IP: 192.168.1.2
The main computer sees the eeePC on the correct interface:
ping -I eth1 eeepc
PING eeepc.dev (192.168.1.2) from 192.168.1.42 eth1: 56(84) bytes of data.
64 bytes from eeepc.dev (192.168.1.2): icmp_seq=1 ttl=64 time=0.554 ms
64 bytes from eeepc.dev (192.168.1.2): icmp_seq=2 ttl=64 time=0.178 ms
64 bytes from eeepc.dev (192.168.1.2): icmp_seq=3 ttl=64 time=0.171 ms
64 bytes from eeepc.dev (192.168.1.2): icmp_seq=4 ttl=64 time=0.158 ms
^C
--- eeepc.dev ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
But here is the crazy thing:
ping -I wlan1 192.168.1.2
PING 192.168.1.2 (192.168.1.2) from 192.168.0.26 wlan1: 56(84) bytes of data.
From 192.168.0.254 icmp_seq=1 Destination Host Unreachable
From 192.168.0.254 icmp_seq=2 Destination Host Unreachable
From 192.168.0.254 icmp_seq=3 Destination Host Unreachable
From 192.168.0.254 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3002ms
Worst:
ping -I wlan1 eeepc
PING eeepc.dev (192.168.1.2) from 192.168.0.26 wlan1: 56(84) bytes of data.
From Freebox-Server.local (192.168.0.254) icmp_seq=1 Destination Host Unreachable
From Freebox-Server.local (192.168.0.254) icmp_seq=2 Destination Host Unreachable
From Freebox-Server.local (192.168.0.254) icmp_seq=3 Destination Host Unreachable
From Freebox-Server.local (192.168.0.254) icmp_seq=4 Destination Host Unreachable
^C
--- eeepc.dev ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3002ms
The main computer ends up asking the FreeBox to resolve the eeePC. I'm afraid it is a DNS leak. But above all, I feel like there is something I miss completely...
If I change the network range of eth1 <--> eeePC from 192.168.0.1/24 to 10.10.10.1/24, the problem disappears. I have my solution but I dislike misunderstanding what happens inside computers. I hope someone with skills will take time to answer and indicate my errors. – Guillaume Fe – 2015-10-25T20:55:31.983
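The three ping runs in the question are a route-selection question, not a name-resolution one, and the difference between them is easier to see with the lookup written out. The Python below is an added example, not code or output from the thread: it holds a constructed routing table modelled on the setup described (eth1 on-link for 192.168.1.0/24, wlan1 on-link for 192.168.0.0/24, default via 192.168.0.254) and performs a longest-prefix match, optionally restricted to one device to mimic what `ping -I <iface>` does on Linux, where binding the socket to an interface (SO_BINDTODEVICE) limits the lookup to routes via that device. The table, the route ordering and the simplified binding semantics are assumptions for illustration; the model covers only the main computer's own decision, not what the Freebox does with a packet it receives.

```python
import ipaddress

# Constructed routing table modelled on the setup in the question (added example,
# not output taken from the author's machine): two directly connected subnets and a
# default route through the Freebox. Entries are (prefix, gateway or None if on-link, device).
ROUTES = [
    ("192.168.1.0/24", None, "eth1"),
    ("192.168.0.0/24", None, "wlan1"),
    ("0.0.0.0/0", "192.168.0.254", "wlan1"),
]


def lookup(dst, oif=None, routes=ROUTES):
    """Longest-prefix match over routes for destination dst.

    With oif set, only routes via that device are candidates, which is what binding
    the socket to an interface (ping -I on Linux, SO_BINDTODEVICE) does to the lookup.
    Returns a dict with the chosen device and next hop, or None if nothing matches.
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip not in net or (oif is not None and dev != oif):
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, gateway, dev)
    if best is None:
        return None
    net, gateway, dev = best
    return {
        "dev": dev,
        "next_hop": gateway if gateway is not None else str(dst_ip),
        "on_link": gateway is None,  # True: destination sits on the chosen segment
    }


def leaves_local_segments(dst, oif=None):
    """True when the packet would be handed to a gateway rather than delivered
    directly, i.e. another box (here the Freebox) gets to see it."""
    route = lookup(dst, oif)
    return route is not None and not route["on_link"]


if __name__ == "__main__":
    for oif in (None, "eth1", "wlan1"):
        label = f"-I {oif}" if oif else "no -I"
        print(f"{label:10} ->", lookup("192.168.1.2", oif),
              "| leaves local segments:", leaves_local_segments("192.168.1.2", oif))
```

Without `-I`, or with `-I eth1`, the 192.168.1.0/24 route wins and the echo request is delivered on-link to 192.168.1.2. With `-I wlan1` that route is excluded, the only remaining match is the default route, and the packet is handed to 192.168.0.254 for a destination the host itself could have reached directly; the "Destination Host Unreachable" replies from that address in the question's output are the visible result. The host-side check `leaves_local_segments` is the property to watch when the concern is an internal address showing up on the provider-facing interface.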
FAI? And why are you pinging the eeePC using the exit interface for the FreeBox rather than the interface that the eeePC is on? There should not be a route to the eeePC's network if the traffic exits the wlan1 interface. If you drop the -I inf-name tokens, the main computer will examine its route table and send the ping out eth1 as it should. Because you have given it impossible instructions, it cannot complete. And what does any of this have to do with DNS? – Frank Thomas – 2015-10-25T21:25:54.723
The DNS names in the ping output are not leaking (your "crazy" output proves that), and the main PC is in a position to see both realms, so it is not a valid place to test for DNS leakage. – Frank Thomas – 2015-10-25T21:41:32.203
Thank you for your feedback. I pinged the target from the wrong network to watch if everything was fine, and it was not. Using impossible requests appears to me to be a valid technique to hack things. The problem was not the fact that the main computer was able to see both networks. The problem was that the main computer transferred the impossible request out of its boundaries. This was completely unexpected and represents an IP and a DNS leakage. Indeed, for me, it sounds unacceptable to let any IAP (not FAI) know anything about the internal IPs or the domains I use. But it depends on the security level one requires. – Guillaume Fe – 2015-10-25T23:55:26.960
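Whether DNS queries really stay on the local dnsmasq depends on how the stub resolver reads /etc/resolv.conf, and the file quoted in the question is worth checking against the glibc rules rather than by eye: the glibc resolver accepts only a literal IPv4 or IPv6 address after `nameserver`, one address per line and at most three entries, and silently ignores anything else, falling back to 127.0.0.1 only when no entry parses at all. The Python below is an added example, not code from the thread; it applies those rules to a constructed copy of the quoted file and reports which servers would actually be queried and which entries are ignored. It assumes a glibc-based system and does not model nsswitch ordering (for instance /etc/hosts being consulted before DNS), which is a separate setting.

```python
import ipaddress

MAXNS = 3  # glibc reads at most three nameserver entries

# Constructed copy of the resolv.conf quoted in the question (added example input).
SAMPLE_RESOLV_CONF = """\
nameserver localhost
nameserver 84.200.69.80 84.200.70.40
"""


def effective_nameservers(text):
    """Return (servers, warnings): the addresses the glibc resolver would actually
    query, and (line, reason) pairs for what it silently ignores.

    Assumed glibc rules: a literal IPv4/IPv6 address, one per nameserver line,
    at most MAXNS entries honoured, and 127.0.0.1 used when none parse."""
    servers, warnings = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment line
        tokens = line.split()
        if tokens[0] != "nameserver":
            continue  # search/domain/options lines do not change where queries go
        if len(tokens) < 2:
            warnings.append((raw, "no address after nameserver"))
            continue
        try:
            addr = ipaddress.ip_address(tokens[1])
        except ValueError:
            warnings.append((raw, f"{tokens[1]!r} is not an IP literal; names are not resolved here"))
            continue
        if len(tokens) > 2:
            warnings.append((raw, f"only the first address counts; ignored: {' '.join(tokens[2:])}"))
        if len(servers) >= MAXNS:
            warnings.append((raw, f"beyond MAXNS={MAXNS}; ignored"))
            continue
        servers.append(addr)
    if not servers:
        servers.append(ipaddress.ip_address("127.0.0.1"))  # glibc default
    return servers, warnings


def bypasses_local_resolver(text):
    """True when any effective nameserver is off-host, so stub-resolver queries can
    go straight to the network instead of through a dnsmasq listening on localhost."""
    servers, _ = effective_nameservers(text)
    return any(not s.is_loopback for s in servers)


if __name__ == "__main__":
    servers, warnings = effective_nameservers(SAMPLE_RESOLV_CONF)
    print("effective nameservers:", [str(s) for s in servers])
    for line, reason in warnings:
        print(f"ignored in {line!r}: {reason}")
    print("bypasses local dnsmasq:", bypasses_local_resolver(SAMPLE_RESOLV_CONF))
```

Run against the constructed copy, the check reports a single effective server, 84.200.69.80: the `localhost` entry is not an address literal and is dropped, and the second address on the last line is never read. A `nameserver 127.0.0.1` line is what makes the stub resolver hand every query to the local dnsmasq; with the quoted file, applications that use the libc resolver would query the external server directly over wlan1 regardless of the `strict-order` setting in dnsmasq.conf.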