IPTables::IPv4::IPQueue #22

Payload Inspection (continued)

A second attempt:

    use Net::DNS::Packet;
    use NetPacket::UDP;
    use IPTables::IPv4::IPQueue qw(:constants);   # NF_ACCEPT, NF_DROP
    ...

    # $ip is the already-decoded NetPacket::IP object for the queued packet
    my $udp = NetPacket::UDP->decode($ip->{data});

    # Only replies claiming to come from a DNS server are inspected
    if ($udp->{src_port} == 53) {
        # In list context, new() returns the packet object and an error
        # string instead of dying on malformed data
        my ($dns, $err) = Net::DNS::Packet->new(\$udp->{data});

        # If the payload did not parse, $dns is undef and ->string dies;
        # eval catches that and leaves the failure in $@
        eval { $dns->string };

        if ($@) {
            warn "Blocking invalid DNS packet\n";
            $ipq->set_verdict($msg->packet_id, NF_DROP);
        } else {
            warn "Permitting valid DNS packet:\n\n", $dns->string;
            $ipq->set_verdict($msg->packet_id, NF_ACCEPT);
        }
    }

    [root@quint ~]# echo FOOOOOOOOOOOOOOOOOOOOOO \
        | nc -v -v -u -p 53 ellesmere.netisland.net 4242
    Blocking invalid DNS packet
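As an added example (not from the slides), the same check packaged as a stand-alone function and run against constructed packets, so it can be tried without a live IPQueue: it reads the error that Net::DNS::Packet->new returns in list context instead of relying on ->string dying inside eval, and additionally insists that a packet arriving from port 53 carries the QR (response) flag. The dns_verdict function, the sample packets and the local NF_* constants are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: stand-alone DNS payload check, run on constructed packets
# rather than on messages read from the IPQueue handle.
use strict;
use warnings;
use Net::DNS;

# Verdict values as defined in linux/netfilter.h; the real script imports
# them from IPTables::IPv4::IPQueue qw(:constants) instead (assumption).
use constant { NF_DROP => 0, NF_ACCEPT => 1 };

# Decide whether a UDP payload that arrived with source port 53 should be
# passed on. Returns (verdict, reason).
sub dns_verdict {
    my ($payload) = @_;

    # In list context new() hands back the packet plus any parse error
    # instead of dying, so the error is checked directly.
    my ($dns, $err) = Net::DNS::Packet->new(\$payload);
    return (NF_DROP, "parse failed: $err") if $err || !defined $dns;

    # Traffic from port 53 should be a reply; a query-shaped packet from
    # a server port is not something a resolver is waiting for.
    return (NF_DROP, "QR flag not set on packet from port 53")
        unless $dns->header->qr;

    return (NF_ACCEPT, "valid reply, id " . $dns->header->id);
}

# Constructed inputs: a well-formed A reply and the junk string the slide
# sent with nc (both are constructed sample data).
my $reply = Net::DNS::Packet->new('www.example.com', 'A');
$reply->header->qr(1);
$reply->push(answer => Net::DNS::RR->new('www.example.com. 300 IN A 192.0.2.1'));

for my $case ([reply => $reply->data], [junk => "FOOOOOOOOOOOOOOOOOOOOOO\n"]) {
    my ($name, $payload) = @$case;
    my ($verdict, $why) = dns_verdict($payload);
    printf "%-6s %s (%s)\n", $name,
        $verdict == NF_ACCEPT ? 'accept' : 'drop', $why;
}
```

Running it prints an accept line for the constructed reply and a drop line with the parser's complaint for the junk payload.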


© 2003 Michael C. Toren