// `ss` is only a demo input; the values carry no special meaning.
// Each entry is an IPv4 address written as 8 big-endian hex digits, the
// same form the `--hex-string "|…|"` iptables rules on this page use.
var ss = [
  'd0381f2b',
  'd1244921',
  'd1913632',
  'd1dc1eae',
  'd35e4293',
  'd5a9fb23'
];
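/**
 * Converts an unsigned 32-bit integer to dotted-quad IPv4 notation.
 *
 * The input is coerced to uint32 with `>>> 0`, so values parsed from
 * 8-digit hex strings above 0x7fffffff (and their negative signed twins)
 * map to the expected address.
 *
 * @param {number} num - address as an integer, most significant octet first.
 * @returns {string} e.g. "208.56.31.43" for 0xd0381f2b.
 */
function long2ip(num) {
  // `>>> 0` keeps the arithmetic unsigned so the top bit is not a sign bit.
  var u = num >>> 0;
  var octets = [
    u >>> 24,
    (u >>> 16) & 0xff,
    (u >>> 8) & 0xff,
    u & 0xff
  ];
  return octets.join(".");
}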
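// Decode each 8-digit hex sample into dotted-quad form.
// Array.prototype.map replaces the for-in loop, which also walks inherited
// enumerable properties and leaked `i` as an implicit global.
var re = ss.map(function (hex) {
  return long2ip(parseInt(hex, 16));
});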
// `ss` is only a demo input; the values carry no special meaning.
// Same encoding as above, but with the four bytes space-separated, the
// way a packet dump prints them.
var ss = [
  'CA 6A 01 02',
  'DC FA 40 E2',
  'DC FA 40 E3',
  'DC FA 40 E4'
];
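/**
 * Formats an unsigned 32-bit integer as an IPv4 dotted quad.
 *
 * @param {number} num - address as an integer; coerced to uint32, so
 *   both 0xd0381f2b and its signed-negative twin yield "208.56.31.43".
 * @returns {string} four decimal octets joined by ".".
 */
function long2ip(num) {
  var octets = [];
  // Walk from the most significant byte down; `>>>` keeps it unsigned.
  for (var shift = 24; shift >= 0; shift -= 8) {
    octets.push((num >>> shift) & 0xff);
  }
  return octets.join(".");
}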
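// Strip the byte-separating spaces first: parseInt stops at the first
// non-hex character, so 'CA 6A 01 02' would otherwise parse as just 0xCA.
// map() replaces the for-in loop, which leaked `i` as an implicit global.
var re = ss.map(function (spaced) {
  return long2ip(parseInt(spaced.replace(/ /g,''), 16));
});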
##u32模块怎么用
以
iptables -t mangle -I cleardns -p udp -m udp -m u32 --u32 \
"0&0x0F000000=0x05000000 && 22&0xFFFF@16=0xdd030d3a,0x3d9c0c3a,0x3d9c08bd"\
-j DROP
为例 关键部分是
"0&0x0F000000=0x05000000 && 22&0xFFFF@16=0xdd030d3a,0x3d9c0c3a,0x3d9c08bd"
这里的 4 是 u32 模块每次抓取的固定长度(4 bytes)。
0x0F000000 是掩码, 即将上面抓取的 4 bytes 与掩码做与运算, 过滤掉不需要的部分。
0x05000000 是比较对象, 即将上面与运算后的结果与之比较, 如果相等则匹配成功。
参考官网: 那里有一个用 u32 屏蔽某些网站的例子, 也可以参考 DNS Amplification Attacks Observer。
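# Thanks to AntiDNSPoisoning.
# The u32 variant further down is the recommended one.
# Contains every IP from "clear DNS source.txt".
#
# Notes carried over from the original author:
#   - --hex-string must be exactly 8 hex digits; leading zeros are required.
#   - TODO: the bm string match may miss some cases.
#   - TODO: operating in the mangle table is not recommended.
#   - TODO: no effect when a single reply carries both genuine and forged
#     answers (seen with recursive lookups through some ISP resolvers).
#
# Each value in POISONED_HEX is one IPv4 address as 4 big-endian bytes
# (d0381f2b = 208.56.31.43); a reply from port 53 whose bytes 60..180
# contain one of them is dropped before the resolver sees it.
# Caveat: the string match is not field-aware, so the same four bytes in
# a name, TTL or unrelated record inside that window also trigger it.
POISONED_HEX="
042442b2 0807c62d 253d369e 2e52ae44 3b1803ad 402158a1 4021632f 4042a3fb
4168cafc 422dfced 480ecd63 480ecd68 4e10310f 5d2e0859 80797e8b 9f6a794b
a9840d67 c043c606 cab50755 cb620741 cba1e6ab cf0c5862 d0381f2b d1244921
d1913632 d1dc1eae d35e4293 d8ddbcb6 d8eab30d f3b9bb27 43d74184 43d74d84
d0452284 d0452084 7b7d510c 65e20a08 dcfa4013 dcfa4014 dcfa4015 dcfa4016
dcfa4017 dcfa4018 dcfa4019 dcfa401a dcfa401b dcfa401d dcfa401e dcfa40e1
dcfa40e2 dcfa40e3 dcfa40e4 7b81fe0b 7b81fe0c 7b81fe0d 7b81fe0f 7b81fe10
7b81fe11 7b81fe12 7b81fe13 3a35d32e 3a35d32f ca666ecb ca666ecd ca6ac722
ca6ac723 ca6ac724 ca6ac725 ca6ac726 3d8b0865 3d8b0866 3d8b0867 3d8b0868
dd030d3a 3d9c0c3a
"

# Create the chain on the first run; on re-runs flush it instead, otherwise
# every -I below would add a second copy of each rule.
iptables -t mangle -N cleardns 2>/dev/null || iptables -t mangle -F cleardns

# One rule per address; $POISONED_HEX is deliberately unquoted so the
# shell splits it on whitespace.
for h in $POISONED_HEX; do
  iptables -t mangle -I cleardns -p udp --sport 53 -m string --algo bm --hex-string "|$h|" --from 60 --to 180 -j DROP
done

# Drop replies carrying no result: not a fragment (fragment offset 0),
# QR bit set in the DNS flags, and ANCOUNT/NSCOUNT both zero.
# NOTE(review): this also drops legitimate empty replies that carry no
# SOA in the authority section, so those lookups time out instead of
# failing fast.
iptables -t mangle -I cleardns -p udp --sport 53 -m u32 --u32 "4 & 0x1FFF = 0 && 0 >> 22 & 0x3C @ 8 & 0x8000 = 0x8000 && 0 >> 22 & 0x3C @ 14 = 0" -j DROP
# Drop replies whose header reads flags 8180, QDCOUNT 1 and
# Answer/Authority/Additional all 0 (looked for in bytes 30..40).
iptables -t mangle -I cleardns -p udp --sport 53 -m string --algo bm --hex-string "|81 80 00 01 00 00 00 00 00 00|" --from 30 --to 40 -j DROP

# Hook the chain into PREROUTING once; -C reports whether the jump exists.
iptables -t mangle -C PREROUTING -m udp -p udp --sport 53 -j cleardns 2>/dev/null \
  || iptables -t mangle -I PREROUTING -m udp -p udp --sport 53 -j cleardns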
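# Contains every IP from "clear DNS source.txt".
# OpenWrt variant: filter poisoned DNS replies with the u32 match.
#
# Rule shape: "0&0x0F000000=0x05000000 && 22&0xFFFF@16=<list>"
#   0&0x0F000000=0x05000000  IP header length field == 5 (20 bytes, no
#                            options), so the fixed offsets below hold.
#   22&0xFFFF@               bytes 22..25 masked to the low 16 bits is the
#                            UDP length field; "@" makes it the new base.
#   16=<list>                base+16 = 20 + UDP length - 4, i.e. the last
#                            4 bytes of the datagram, which in a reply
#                            carrying a single A record is the answer
#                            address. Replies with several answers, or
#                            whose last record is not an A record, are
#                            not caught by this check.
# The original author found that iptables accepts at most about ten
# comma-separated values per comparison, hence the groups of ten.
POISONED_SETS="
0x42442b2,0x807c62d,0x253d369e,0x2e52ae44,0x3b1803ad,0x402158a1,0x4021632f,0x4042a3fb,0x4168cafc,0x41a0db71
0x422dfced,0x480ecd63,0x480ecd68,0x4e10310f,0x5d2e0859,0x80797e8b,0x9f6a794b,0xa9840d67,0xc043c606,0xca6a0102
0xcab50755,0xcb620741,0xcba1e6ab,0xcf0c5862,0xd0381f2b,0xd1244921,0xd1913632,0xd1dc1eae,0xd35e4293,0xd5a9fb23
0xd8ddbcb6,0xd8eab30d,0xf3b9bb27,0x43d74184,0x43d74d84,0xd0452284,0xd0452084,0x7b7d510c,0x65e20a08,0xdcfa4012
0xdcfa4013,0xdcfa4014,0xdcfa4015,0xdcfa4016,0xdcfa4017,0xdcfa4018,0xdcfa4019,0xdcfa401a,0xdcfa401b,0xdcfa401c
0xdcfa401d,0xdcfa401e,0xdcfa40e1,0xdcfa40e2,0xdcfa40e3,0xdcfa40e4,0x7b81fe0b,0x7b81fe0c,0x7b81fe0d,0x7b81fe0e
0x7b81fe0f,0x7b81fe10,0x7b81fe11,0x7b81fe12,0x7b81fe13,0x3a35d32e,0x3a35d32f,0xca666ecb,0xca666ecd,0xb4a829af
0xca6ac722,0xca6ac723,0xca6ac724,0xca6ac725,0xca6ac726,0x3d8b0865,0x3d8b0866,0x3d8b0867,0x3d8b0868,0x3cbf7cec
0xdd030d3a,0x3d9c0c3a,0x3d9c08bd
"

# Create the chain on the first run; on re-runs flush it instead, otherwise
# every -I below would add a second copy of each rule.
iptables -t mangle -N cleardns 2>/dev/null || iptables -t mangle -F cleardns

# One rule per group of ten; $POISONED_SETS is deliberately unquoted so the
# shell splits it on the newlines.
for set in $POISONED_SETS; do
  iptables -t mangle -I cleardns -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=$set" -j DROP
done

# Drop replies carrying no result: not a fragment (fragment offset 0),
# QR bit set in the DNS flags, and ANCOUNT/NSCOUNT both zero.
# NOTE(review): this also drops legitimate empty replies that carry no
# SOA in the authority section, so those lookups time out instead of
# failing fast.
iptables -t mangle -I cleardns -p udp --sport 53 -m u32 --u32 "4 & 0x1FFF = 0 && 0 >> 22 & 0x3C @ 8 & 0x8000 = 0x8000 && 0 >> 22 & 0x3C @ 14 = 0" -j DROP
# Drop replies whose header reads flags 8180, QDCOUNT 1 and
# Answer/Authority/Additional all 0 (looked for in bytes 30..40).
iptables -t mangle -I cleardns -p udp --sport 53 -m string --algo bm --hex-string "|81 80 00 01 00 00 00 00 00 00|" --from 30 --to 40 -j DROP

# Hook the chain into PREROUTING once; -C reports whether the jump exists.
iptables -t mangle -C PREROUTING -m udp -p udp --sport 53 -j cleardns 2>/dev/null \
  || iptables -t mangle -I PREROUTING -m udp -p udp --sport 53 -j cleardns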
// Generates the address list consumed by the iptables u32 "cleardns"
// rules: each entry becomes one 0x… value in a "22&0xFFFF@16=…" comparison.
// Grouping mirrors the annotated list further down the page.
var ss = [
  // Addresses from the zh.wikipedia DNS cache pollution article
  '4.36.66.178', '8.7.198.45', '37.61.54.158', '46.82.174.68', '59.24.3.173',
  '64.33.88.161', '64.33.99.47', '64.66.163.251', '65.104.202.252', '65.160.219.113',
  '66.45.252.237', '72.14.205.99', '72.14.205.104', '78.16.49.15', '93.46.8.89',
  '128.121.126.139', '159.106.121.75', '169.132.13.103', '192.67.198.6', '202.106.1.2',
  '202.181.7.85', '203.98.7.65', '203.161.230.171', '207.12.88.98', '208.56.31.43',
  '209.36.73.33', '209.145.54.50', '209.220.30.174', '211.94.66.147', '213.169.251.35',
  '216.221.188.182', '216.234.179.13', '243.185.187.39',
  // OpenDNS
  '67.215.65.132', '67.215.77.132', '208.69.34.132', '208.69.32.132',
  // DNSPai
  '123.125.81.12', '101.226.10.8',
  // Nanfang Unicom (nfdnserror1.wo.com.cn to nfdnserror17.wo.com.cn)
  '220.250.64.18', '220.250.64.19', '220.250.64.20', '220.250.64.21', '220.250.64.22',
  '220.250.64.23', '220.250.64.24', '220.250.64.25', '220.250.64.26', '220.250.64.27',
  '220.250.64.28', '220.250.64.29', '220.250.64.30', '220.250.64.225', '220.250.64.226',
  '220.250.64.227', '220.250.64.228',
  // Shandong Unicom (sddnserror1.wo.com.cn to sddnserror9.wo.com.cn)
  '123.129.254.11', '123.129.254.12', '123.129.254.13', '123.129.254.14', '123.129.254.15',
  '123.129.254.16', '123.129.254.17', '123.129.254.18', '123.129.254.19',
  // Wuhan Telecom
  '58.53.211.46', '58.53.211.47',
  // Nanjing Telecom
  '202.102.110.203', '202.102.110.205',
  // Shanghai Telecom
  '180.168.41.175',
  // Beijing Unicom (bjdnserror1.wo.com.cn to bjdnserror5.wo.com.cn)
  '202.106.199.34', '202.106.199.35', '202.106.199.36', '202.106.199.37', '202.106.199.38',
  // Chengdu Telecom
  '61.139.8.101', '61.139.8.102', '61.139.8.103', '61.139.8.104',
  // Hangzhou Telecom
  '60.191.124.236',
  // From the fxin blog post linked in the list below
  '221.3.13.58', '61.156.12.58', '61.156.8.189'
];
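/**
 * Converts a dotted-quad IPv4 string to its unsigned 32-bit integer.
 *
 * @param {string} ip - e.g. "208.56.31.43".
 * @returns {number} the address as a uint32 (0xd0381f2b for the example).
 * @throws {RangeError} if `ip` is not exactly four decimal octets in 0..255;
 *   a typo in the address list would otherwise be silently turned into a
 *   wrong (or zero) firewall value.
 */
function ip2int(ip) {
  var parts = ip.split(".");
  if (parts.length !== 4) {
    throw new RangeError("invalid IPv4 address: " + ip);
  }
  var num = 0;
  for (var k = 0; k < 4; k++) {
    // Decimal digits only; Number() alone would also accept "", " 1" or "1e2".
    if (!/^\d{1,3}$/.test(parts[k]) || Number(parts[k]) > 255) {
      throw new RangeError("invalid IPv4 address: " + ip);
    }
    // Multiply rather than shift: `<<` works on signed 32-bit values and
    // would flip the sign once the first octet is >= 128.
    num = num * 256 + Number(parts[k]);
  }
  return num >>> 0;
}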
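// The original author found that iptables' u32 match accepts at most about
// ten comma-separated values per comparison, so the list is emitted in
// chunks of ten, each ready to paste after "…@16=".
// Replaces the for-in loop (implicit global `i`, string index) and the
// fixed 16-slot array that left empty strings and trailing commas behind.
var GROUP_SIZE = 10;
var re = [];
for (var start = 0; start < ss.length; start += GROUP_SIZE) {
  var chunk = ss.slice(start, start + GROUP_SIZE).map(function (ip) {
    // toString(16) drops leading zeros (0x42442b2); the u32 rules on this
    // page use that form, unlike --hex-string which needs all 8 digits.
    return "0x" + ip2int(ip).toString(16);
  });
  re.push(chunk.join(","));
}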
整理结果
#wiki
#https://zh.wikipedia.org/wiki/%E5%9F%9F%E5%90%8D%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%BC%93%E5%AD%98%E6%B1%A1%E6%9F%93
4.36.66.178
8.7.198.45
37.61.54.158
46.82.174.68
59.24.3.173
64.33.88.161
64.33.99.47
64.66.163.251
65.104.202.252
65.160.219.113
66.45.252.237
72.14.205.99
72.14.205.104
78.16.49.15
93.46.8.89
128.121.126.139
159.106.121.75
169.132.13.103
192.67.198.6
202.106.1.2
202.181.7.85
203.98.7.65
203.161.230.171
207.12.88.98
208.56.31.43
209.36.73.33
209.145.54.50
209.220.30.174
211.94.66.147
213.169.251.35
216.221.188.182
216.234.179.13
243.185.187.39
bogus domain
bogus-nxdomain.china.conf
https://raw.github.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf
#OpenDNS
67.215.65.132
67.215.77.132
208.69.34.132
208.69.32.132
#DNSPai
123.125.81.12
101.226.10.8
#Nanfang Unicom (nfdnserror1.wo.com.cn to nfdnserror17.wo.com.cn)
220.250.64.18
220.250.64.19
220.250.64.20
220.250.64.21
220.250.64.22
220.250.64.23
220.250.64.24
220.250.64.25
220.250.64.26
220.250.64.27
220.250.64.28
220.250.64.29
220.250.64.30
220.250.64.225
220.250.64.226
220.250.64.227
220.250.64.228
#Shandong Unicom (sddnserror1.wo.com.cn to sddnserror9.wo.com.cn)
123.129.254.11
123.129.254.12
123.129.254.13
123.129.254.14
123.129.254.15
123.129.254.16
123.129.254.17
123.129.254.18
123.129.254.19
#Wuhan Telecom
58.53.211.46
58.53.211.47
#Nanjing Telecom
202.102.110.203
202.102.110.205
#Shanghai Telecom
180.168.41.175
#Beijing Unicom (bjdnserror1.wo.com.cn to bjdnserror5.wo.com.cn)
202.106.199.34
202.106.199.35
202.106.199.36
202.106.199.37
202.106.199.38
#Chengdu Telecom
61.139.8.101
61.139.8.102
61.139.8.103
61.139.8.104
#Hangzhou Telecom
60.191.124.236
#http://fxin.wap.blog.163.com/w2/blogDetail.do?hostID=fxin&blogId=fks_080068085082087064085086085095086080087064092095087
221.3.13.58
61.156.12.58
61.156.8.189
## DNS u32 模块
### WIN 下比较方便的