Smart Home firewall
Profile-based Smart Home firewall
Functions | Variables
dns_wrong_name Namespace Reference

Functions

def main ()
 FUNCTIONS ###.
 

Variables

string mac_src = "50:c7:bf:ed:0a:54"
 GLOBAL VARIABLES ###.
 
string mac_dst = "c0:56:27:73:46:0b"
 
string ip_src = "192.168.1.135"
 
string ip_dst = "192.168.1.1"
 
int port_dst = 53
 
string qname = "eu.pool.ntp.com"
 

Detailed Description

Attack towards the `dns-query-plug-ntp` policy of the TP-Link smart plug.
Issue DNS requests for an incorrectly spelled NTP server domain name.
Packets have the following signature:
    - Source MAC address:       50:c7:bf:ed:0a:54 (TP-Link smart plug MAC address)
    - Destination MAC address:  c0:56:27:73:46:0b (gateway MAC address)
    - Source IPv4 address:      192.168.1.135 (TP-Link smart plug IPv4 address)
    - Destination IPv4 address: 192.168.1.1 (gateway IPv4 address)
    - Destination UDP port:     53 (DNS port)
    - DNS query:                "eu.pool.ntp.com" (correct would be "eu.pool.ntp.org")
All packets should be blocked.