A DNS packet injection and DNS poisoning detection utility.
DNS Packet Injection: dnsinject [-i interface] [-f hostnames] expression
-i interface: Listen on network device (e.g., eth0). If not specified, dnsinject will select a default interface to listen on. The same interface will be used for packet injection.
-f hostnames: Read a list of IP address and hostname pairs specifying the hostnames to be hijacked. If '-f' is not specified, dnsinject will forge replies for all observed requests with the local machine's IP address as an answer.
is a BPF filter that specifies a subset of the traffic to be monitored.
DNS injection implemented in C for faster runtime and injection purposes.
DNS Poisoning Detection: dnsdetect [-i interface] [-r tracefile] expression
-i interface: Listen on network device (e.g., eth0). If not specified, dnsdetect will select a default interface to listen on.
-r tracefile: Read packets from (tcpdump format).
is a BPF filter that specifies a subset of the traffic to be monitored.
Once an attack is detected, dnsdetect will print to stdout a detailed alert containing a printout of both the spoofed and legitimate responses.