10/15/2019 Hack Router Port 53 Dns Settings
The next thing you must do is set up your router to forward incoming traffic on ports 53 and 80 to your DNS/web server. Connecting to a web interface built into.
One of the ways to keep an eye on all visited sites is to redirect DNS requests on Mikrotik to the IP address of the router itself. With this we not only ensure that untrusted public DNS servers are not used, we can also keep an eye on visited sites through the name resolutions held in the DNS cache. In organisations with domain controllers, we can redirect DNS requests on Mikrotik to force all users to use the company's DNS server. This ensures that users who are not in the domain do not have access to the internet even when they have been assigned public DNS addresses.
Redirect DNS requests on Mikrotik
It is quite easy to redirect DNS requests on Mikrotik using destination NAT. First, we need to know the protocol and port number for DNS, and the IP address of the local DNS server. If the Mikrotik router is to be used as the preferred DNS server, then the IP address on the LAN interface of the Mikrotik router will be used. Below are the parameters needed to accomplish this task.
Protocol: tcp and udp
Port number: 53
Preferred DNS server: 192.168.88.1

Configuration
The configuration commands required to redirect DNS requests on Mikrotik to the IP address on the LAN interface of the router are given below. The same commands redirect to a local DNS server hosted on any other device on the LAN; only to-addresses changes. One rule is needed per protocol, since DNS uses both udp and tcp on port 53.

/ip firewall nat add chain=dstnat action=dst-nat protocol=udp dst-port=53 to-addresses=192.168.88.1 to-ports=53 comment="Make Mikrotik preferred dns server (udp)"
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=53 to-addresses=192.168.88.1 to-ports=53 comment="Make Mikrotik preferred dns server (tcp)"

Finally, give the router an upstream DNS server and allow remote requests, so that it answers the queries now arriving from LAN clients:

/ip dns set servers=8.8.8.8 allow-remote-requests=yes

We can see resolved domain names in the DNS cache by clicking Cache in the IP > DNS settings. If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email.
It's all about recon. The more an attacker can map your network, the better off they are. This is especially sensitive if you have static IPs that don't move around. DNS servers, given you do not separate out recursive services from SOA (given you have any), can be used for various attacks that will affect hosts on your network, such as cache poisoning.
Not to mention that by opening up your DNS server with little config tweaking (rate limiting, ACLs, etc.), you are opening yourself up to DNS amplification and reflection attacks similar to what is being seen with NTP lately. Examples and explanations of the NTP reflection can be found here. If you would like to know how to best secure your DNS server, I point you to the following document that the NSA published on securing the DNS architecture. All NSA jokes aside, this is some very good information that falls in line with industry best practices. The document can be found here.
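The two checks a defender wants after the redirect above, as an added Python probe that is not from the post or from MikroTik: it sends one raw UDP query to a resolver you name and parses the reply itself rather than trusting the OS stub resolver, so you can see whether port 53 actually answers. The resolver address and query name are arguments; the test data is a constructed reply.

```python
import random
import socket
import struct

def build_query(name, txid=None):
    # Minimal DNS A/IN query with RD set; txid is random unless the caller fixes it.
    txid = random.randrange(0, 0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", 1, 1)

def skip_name(data, pos):
    # Offset just past a wire-format name; a compression pointer ends the name.
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if (length & 0xC0) == 0xC0:
            return pos + 2
        pos += 1 + length

def parse_response(data, txid):
    # {"rcode": n, "answers": [dotted IPv4, ...]} for a reply matching txid.
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qdcount):  # skip the echoed question section
        pos = skip_name(data, pos) + 4
    answers = []
    for _ in range(ancount):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record
            answers.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return {"rcode": flags & 0xF, "answers": answers}

def probe(resolver, name="example.com", timeout=2.0):
    # One UDP query to resolver:53; None means nothing came back (closed or filtered).
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        try:
            return parse_response(sock.recvfrom(512)[0], txid)
        except socket.timeout:
            return None
```

From a LAN client, probe() against any public resolver should still return an answer, because the dstnat rule captures the query before it leaves; from outside, probe() against the router's WAN address should return None, otherwise allow-remote-requests=yes has left an open resolver of the kind described above and port 53 needs to be filtered on the WAN side.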