Projet

Général

Profil

Modifier Historique

WikiStart »

Mentiodns » Historique » Version 13

sacha, 25/06/2018 17:41

1 1 sacha 
h1. Mentiodns
2 





    3
    
    
    
Validation des DNS à partir d'une liste sur un unbound et un DNS grand FAI et comparaison des résultats ;)





    4
    
    
    





    5
    4
    sacha
    
h2. Noeud actifs





    6
    
    
    





    7
    
    
    
|_. Nom |_. Bloc |





    8
    
    
    
| Mezzanine | domain_names.com_sortedad |





    9
    
    
    
| Millicent | domain_names.com_sortedab |





    10
    9
    sacha
    
| Sacha | domain_names.org_sortedaa |





    11
    
    
    
| Sacha | domain_names.org_sortedab |





    12
    
    
    
| Sacha | domain_names.org_sortedab |





    13
    10
    sacha
    
| Sacha | domain_names.org_sortedac |





    14
    
    
    
| Sacha | domain_names.org_sortedac |





    15
    4
    sacha
    
| Taziden | domain_names.com_sortedac |





    16
    
    
    





    17
    
    
    
h2. Mentio





    18
    
    
    





    19
    
    
    
<pre>





    20
    
    
    
#-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-#





    21
    
    
    
#  MENTIODNS : Check for lying DNS (France)  #





    22
    
    
    
#--------------------------------------------#





    23
    13
    sacha
    
#  Version 1.6 - conf file                   # 





    24
    
    
    
#  Version 1.5 - test Dig resolving          #





    25
    
    
    
#  Version 1.4 - Socat SSL sending results   # 





    26
    
    
    
#  Version 1.3 - tld optioN                  #





    27
    1
    sacha
    
#  Version 1.2 - Round robin on DNS_ISP_LIST #





    28
    13
    sacha
    
#		 For each request	     #





    29
    4
    sacha
    
#  Version 1.1 - Allow resume on basename    #





    30
    
    
    
#  Version 1.0 - Parallel process with DIG   #





    31
    
    
    
#--------------------------------------------#





    32
    1
    sacha
    
# (c) Sacha at Aquilenet.fr part of FFDN.org #





    33
    
    
    
#--------------------------------------------#





    34
    
    
    





    35
    
    
    
# This shity script intend to bruteforce the ISP lying DNS Servers to identify which one





    36
    9
    sacha
    
# is going on Ministry of Interior Blocking page and compare the IP result from your favorite DNS server





    37
    13
    sacha
    
# Use this script with the following paramters 





    38
    
    
    
# 1 - domain names file (file with list of domain names whithout the tld  





    39
    9
    sacha
    
# 2 - position number if it is not given the script will start at the begining





    40
    1
    sacha
    
# If you relanch the script it will check if it has a counter for the given file to resume





    41
    
    
    
# Blacklisted sites in $BLACKLIST_LOG file





    42
    13
    sacha
    
# Diff ip from a domain name are in $DIFF_LOG 





    43
    1
    sacha
    





    44
    13
    sacha
    
# 1st launch creating config file





    45
    
    
    





    46
    
    
    
# Parameters:





    47
    
    
    
# $1 MODE: client server local





    48
    
    
    
# $2 File source: list of domain names whithout tld





    49
    
    
    
# $3 tld: com, org, ... 





    50
    
    
    
# $4 count number (if none from zero or from count file based on file name)





    51
    
    
    





    52
    1
    sacha
    
#############################





    53
    13
    sacha
    
HOMEDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )





    54
    
    
    
MENTIOCONF="$HOMEDIR/mentio.conf"





    55
    
    
    
# Number of parallel requests thruw dig





    56
    
    
    
parallel=10





    57
    1
    sacha
    
#############################





    58
    
    
    





    59
    
    
    
#--------------------------------------





    60
    13
    sacha
    
### CHECK CONFIG





    61
    
    
    
if [ ! -f $MENTIOCONF ]; then





    62
    
    
    
echo "=================================================================="





    63
    
    
    
echo "MENTIODNS"





    64
    
    
    
echo "------------------------------------------------------------------" 





    65
    
    
    
echo "1st time configuring"





    66
    
    
    
echo -n "IP UNBOUND ? "





    67
    
    
    
read DNS_MY





    68
    1
    sacha
    





    69
    13
    sacha
    
echo 'HOMEDIR="'$HOMEDIR'"' > $MENTIOCONF





    70
    
    
    
echo 'DNS_MY="'$DNS_MY'"' >> $MENTIOCONF





    71
    
    
    
IP_PUB=`curl ifconfig.io`





    72
    
    
    
ASN=`whois -h whois.cymru.com $IP_PUB |cut -d' ' -f1|sed -n "2p"`





    73
    
    
    
DNS_LIST="$HOMEDIR/mentio-DNS_ISP_LIST"





    74
    
    
    
DNS_ISP_LIST=`grep $ASN $DNS_LIST|cut -d' ' -f3-`





    75
    
    
    
echo 'DNS_ISP_LIST="'$DNS_ISP_LIST'"' >> $MENTIOCONF





    76
    
    
    
echo "------------------------------------------------------------------"





    77
    
    
    
echo " CONFIGURATION FILE:"





    78
    
    
    
echo " please check and relaunch"





    79
    
    
    
echo "------------------------------------------------------------------"





    80
    
    
    
cat $MENTIOCONF





    81
    
    
    
echo "------------------------------------------------------------------"





    82
    
    
    
exit 1





    83
    
    
    
fi





    84
    1
    sacha
    





    85
    13
    sacha
    
### Get parameters from config file





    86
    
    
    
source $MENTIOCONF





    87
    
    
    





    88
    
    
    
#-------------------------------------





    89
    
    
    
### PARAMETERS to execute the script





    90
    
    
    
# Mode Log export with socat "client" "server" "local"





    91
    
    
    
MODE=$1





    92
    
    
    
# $2 DNS source file name





    93
    
    
    
DNS_SOURCE=$2





    94
    
    
    
# $3 TLD name (com, org...)





    95
    
    
    
tld=$3





    96
    1
    sacha
    
# line counter from the dns source file, nothing for auto-resuming





    97
    13
    sacha
    
COUNT=$4





    98
    4
    sacha
    





    99
    13
    sacha
    
if [ $MODE == "server" ]; then





    100
    
    
    
socat -v -u openssl-listen:65522,fork,reuseaddr,cert=mentio_ssl-server.pem,cafile=mentio_ssl-client.crt OPEN:$HOMEDIR/DNS_DIFF,creat,append 





    101
    
    
    
exit 1





    102
    
    
    
fi





    103
    
    
    
 





    104
    
    
    
#--------------------------------------





    105
    
    
    
### SOCAT





    106
    
    
    
SERVER="10.11.12.22:65522"





    107
    
    
    
SENDSOCAT="socat stdio openssl-connect:$SERVER,verify=0,cert=$HOMEDIR/mentio_ssl-client.pem,cafile=$HOMEDIR/mentio_ssl-server.crt"





    108
    
    
    
#--------------------------------------





    109
    
    
    
### COLORS 





    110
    1
    sacha
    
RED='\e[31m'





    111
    
    
    
GREEN='\e[32m'





    112
    
    
    
YELLOW='\e[33m'





    113
    13
    sacha
    
GRAY='\e[90m'





    114
    1
    sacha
    
NC='\033[0m' # No Color





    115
    13
    sacha
    
#--------------------------------------





    116
    4
    sacha
    
DNS_SOURCE_BASENAME=`basename $DNS_SOURCE`





    117
    
    
    
DIFF_LOG="$HOMEDIR/DNS_DIFF"





    118
    
    
    
BLACKLIST_LOG="$HOMEDIR/DNS_BLACKLISTED"





    119
    1
    sacha
    
lines=`wc -l $DNS_SOURCE|awk -F " " '{print $1}'`





    120
    
    
    
countfile="$HOMEDIR/DNS_Count-$DNS_SOURCE_BASENAME"





    121
    13
    sacha
    
dateus=`date +%Y%m%d-%H%M%S`





    122
    
    
    
#--------------------------------------





    123
    
    
    
DIG_FAST="+nodnssec +short +timeout=1 +tries=2"





    124
    
    
    
DIG_SLOW="+nodnssec +short +timeout=5 +tries=3 "





    125
    
    
    
#--------------------------------------





    126
    1
    sacha
    





    127
    
    
    
_check(){





    128
    
    
    
i=0





    129
    
    
    
url=""





    130
    
    
    
while [ $i -lt $parallel ]





    131
    
    
    
do





    132
    
    
    
n=`expr $count + $i`





    133
    13
    sacha
    
ISP_DNS=`echo $DNS_ISP_LIST | xargs -n 1| sort -R | head -n 1`





    134
    1
    sacha
    
url="$url @$ISP_DNS `awk -v n="${n}" 'NR==n {print;exit}' $DNS_SOURCE`.$tld"





    135
    
    
    
i=`expr $i + 1`





    136
    
    
    
done





    137
    
    
    
}





    138
    
    
    





    139
    13
    sacha
    





    140
    1
    sacha
    
#--------------------------------------





    141
    
    
    
if [ -z $COUNT ]; then





    142
    13
    sacha
    
	if [ -f $countfile ]; then





    143
    
    
    
	count=`cat $countfile`





    144
    
    
    
	else





    145
    
    
    
	count=0





    146
    
    
    
	echo $count > $countfile





    147
    
    
    
	fi





    148
    4
    sacha
    
else count=$COUNT





    149
    
    
    
echo $count > $countfile





    150
    
    
    
fi





    151
    
    
    
#--------------------------------------





    152
    
    
    





    153
    
    
    
while [ "$count" != "$lines" ]; do





    154
    
    
    
echo $count > $countfile





    155
    
    
    
_check





    156
    
    
    
site="$url"





    157
    
    
    
echo "-------------------------------------------------------------------------------"





    158
    13
    sacha
    
echo "#$count $dateus SITE:$site"





    159
    
    
    
if nomentio=`dig @$DNS_MY $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$nomentio" ]; then





    160
    
    
    
	echo -e "$GRAY Unknown zone $site $NC" 





    161
    
    
    
fi





    162
    
    
    
if mentio=`dig $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$mentio" ]; then





    163
    
    
    
	echo -e "$GRAY Unknown zone $site $NC"





    164
    
    
    
fi





    165
    
    
    





    166
    4
    sacha
    
if [ -n "$nomentio" ] && [ -n "$mentio" ]; then





    167
    
    
    
    if [ "$nomentio" != "$mentio" ]; then





    168
    13
    sacha
    
	for i in $site; do





    169
    
    
    
		if nomentio1=`dig $DIG_FAST @$DNS_MY $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$nomentio1" ]; then





    170
    
    
    
			echo -e "$GRAY Unknown zone $i $NC"





    171
    
    
    
		fi





    172
    
    
    
		ISP_DNS=`echo $DNS_ISP_LIST | xargs -n 1| sort -R | head -n 1`





    173
    
    
    
		if mentio1=`dig $DIG_FAST @$ISP_DNS $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$mentio1" ]; then





    174
    
    
    
			echo -e "$GRAY Unknown zone $i $NC"





    175
    
    
    
		fi





    176
    
    
    
			if [ "$nomentio1" != "$mentio1" ]; then





    177
    
    
    
        			if [[ $mentio1 == 90.85.* ]]; then





    178
    
    
    
		                        if [ $MODE == "client" ]; then





    179
    
    
    
                		        	echo "!!! $dateus `hostname` SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC" | $SENDSOCAT





    180
    
    
    
                        		fi





    181
    
    
    
					echo -e "$RED !!! $dateus SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC"





    182
    
    
    
					echo "!!! $dateus SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $BLACKLIST_LOG





    183
    
    
    
				else





    184
    
    
    
                        			if [ $MODE == "client" ]; then





    185
    
    
    
                        				echo ">>> $dateus `hostname` SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" | $SENDSOCAT





    186
    
    
    
                        			fi                   





    187
    
    
    
					echo -e "$YELLOW >>> SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC"





    188
    
    
    
					echo ">>> $dateus SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $DIFF_LOG





    189
    
    
    
				fi





    190
    
    
    
			fi





    191
    
    
    
	done





    192
    1
    sacha
    
    else





    193
    13
    sacha
    
    echo -e "$GREEN#$count  SITE:$site  $NC"





    194
    3
    sacha
    
    fi





    195
    1
    sacha
    
fi





    196
    
    
    





    197
    
    
    
count=`expr $count + $parallel`





    198
    
    
    





    199
    
    
    
done





    200
    7
    sacha
    
</pre>





    201
    3
    sacha
    





    202
    2
    sacha
    
h2. Test (valide au 14/06/18)





    203
    
    
    





    204
    1
    sacha
    
 dig +short shahamat1.com





    205
    7
    sacha
    
 90.85.16.52





    206
    3
    sacha
    





    207
    1
    sacha
    
h2. Liste de serveurs DNS FAI Français





    208
    
    
    





    209
    
    
    
h3. Free - ASN12322





    210
    11
    sacha
    





    211
    12
    sacha
    
212.27.40.240





    212
    11
    sacha
    
212.27.40.241





    213
    
    
    
212.27.40.244





    214
    
    
    
212.27.40.245





    215
    7
    sacha
    





    216
    3
    sacha
    
h3. Bouygues - ASN5410





    217
    1
    sacha
    





    218
    
    
    
194.158.122.10





    219
    
    
    
194.158.122.15





    220
    
    
    





    221
    
    
    
h3. SFR/Numericable - ASN5410





    222
    
    
    





    223
    
    
    
89.2.0.1





    224
    
    
    
89.2.0.2





    225
    
    
    





    226
    
    
    
h3. SFR - ASN15557





    227
    
    
    





    228
    
    
    
109.0.66.10





    229
    
    
    
109.0.66.20





    230
    
    
    





    231
    
    
    
h3. Orange - ASN3215





    232
    
    
    





    233
    2
    sacha
    
80.10.246.1





    234
    3
    sacha
    
80.10.246.2





    235
    1
    sacha
    
80.10.246.3





    236
    
    
    
80.10.246.5





    237
    6
    sacha
    
80.10.246.7





    238
    
    
    
80.10.246.129





    239
    
    
    
80.10.246.130





    240
    
    
    
80.10.246.132





    241
    
    
    
80.10.246.134





    242
    8
    sacha
    
80.10.246.136





    243
    
    
    
81.253.149.1





    244
    
    
    
81.253.149.2





    245
    
    
    
81.253.149.6





    246
    1
    sacha
    
81.253.149.9





    247
    11
    sacha
    
81.253.149.10





    248
    1
    sacha
    





    249
    
    
    
h3. OBS (ouverts)





    250
    
    
    





    251
    
    
    
194.2.0.20





    252
    
    
    
194.2.0.50





    253
    
    
    





    254
    
    
    
h2. Vigies de la neutralité





    255
    
    
    





    256
    
    
    
https://ooni.torproject.org





    257
    
    
    
https://respectmynet.eu





    258
    
    
    





    259
    
    
    
h2. Cadre légal





    260
    
    
    





    261
    
    
    
https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000801164&fastPos;=2&fastReqId;=606073666&categorieLien;=cid&oldAction;=rechTexte#LEGIARTI000029756525        





    262
    
    
    
le décret https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=LEGITEXT000030315036&dateTexte;=20150305&categorieLien;=cid#LEGITEXT000030315036  





    263
    
    
    
https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=JORFTEXT000030195477&dateTexte;=20180619