DNS Server Commands - python

I use socket module in python to connect to dns server on a router. The connection is successful and if I send a message I get a blank reply, but what are commands that I can write to dns server?
Router is a Huawei Hg552e
gateway: 192.168.1.1
dns server port: 53

The commands are not clear-text, so you need to read the protocol specification and implement it, or use a library that already implements that for you, for example, PyUnbound.
See RFC 1035 - DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION.
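What "not clear-text" means in practice, as an added example that is not code from the original answer: a DNS query built by hand in the RFC 1035 wire format, and a parser for the reply that handles name compression and rejects pointer loops. The function names and the sample reply are constructed for illustration; against a real resolver, the bytes from build_query would be sent over UDP to port 53 and the reply passed to parse_response.

```python
import struct

def encode_name(name):
    # "example.com" -> b"\x07example\x03com\x00": length-prefixed labels, zero terminator
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    # 12-byte header (ID, flags with RD=1, QDCOUNT=1), then QNAME, QTYPE, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, pos):
    # Decode a name, following compression pointers; returns (name, next offset)
    labels, end, hops = [], None, 0
    while hops <= 16:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:  # pointer: low 14 bits are an offset into msg
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            hops += 1
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
    raise ValueError("compression pointer loop")

def parse_response(msg):
    # Returns (txid, rcode, [(owner name, type, ttl, rdata bytes), ...])
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    answers, pos = [], 12
    for _ in range(qdcount):  # skip the echoed question section
        pos = read_name(msg, pos)[1] + 4
    for _ in range(ancount):
        name, pos = read_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        answers.append((name, rtype, ttl, msg[pos + 10:pos + 10 + rdlen]))
        pos += 10 + rdlen
    return txid, flags & 0x000F, answers

# Constructed sample reply (not captured traffic): header, question, one A record
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("example.com")[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```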

Related

How to form an OPCUA connection in python from server IP address, port, security policy and credentials?

I have never used OPC-UA before, but now faced with a task where I have to pull data from a OPC-UA machine to push to a SQL database using python. I can handle the database part, but how to basically connect to the OPCUA server when I have only the following fields available?
IP address 192.168.38.94
Port 8080
Security policy: Basic256
Username: della_client
Password: amorphous##
Some tutorials I saw directly use a url, but is there any way to form the URL from these parameters, or should I ask the machine owners something more specific to be able to connect? I just want to be sure of what I need before I approach him.
Related, how to use the same parameters in the application called UA-Expert to verify the connections as well? Is it possible?
If it is relevant, I am using python 3.10 on Ubuntu 22.04.
You need to know which protocol is used. Then you can create the URLs by using the IP address as domain:
OPC UA binary: opc.tcp://ip:port
HTTPS: https://ip:port
OPC UA WebSockets: opc.wss://ip:port
HTTP: http://ip:port (deprecated in version 1.03)
In your example this could be opc.tcp://192.168.38.94:8080 or https://192.168.38.94:8080
In most cases, the binary protocol is used. But the port 8080 is a typical http(s) port.
The credentials and the securityPolicy are needed later in the connection process.
And yes: You can test the URLs with the UaExpert. You can find a step-by-step tutorial in the documentation.

DNS Request with Scapy over IPv6

I've seen many examples of how to send DNS requests via Scapy, but none for IPv6. For reference, I'm using Python 3, and ping6 ipv6.google.com is successful for me, so I seem to have a proper gateway. I'm trying to combine https://www.packetlevel.ch/html/scapy/scapyipv6.html and https://thepacketgeek.com/scapy-p-09-scapy-and-dns/, but I'm not sure how to do so exactly (just replacing IP(dst=dst) with IPv6(dst=dst) doesn't work). For reference, I've been trying to resolve "google.com" with Google's DNS Server (https://developers.google.com/speed/public-dns/docs/using).
Edit: I wish to be able to choose the DNS server I reach. For IPv4, I could do so with the following:
sr1(IP(dst=dns_dst)/UDP(dport=53)/DNS(rd=1, qd=DNSQR(qname=query_name)))
IPv6 Ping:
sr1(IPv6(dst="www.google.com")/ICMPv6EchoRequest(),timeout=3)
That would make a simple IPv6 packet with an echo request on top, and send/receive it on level 3
DNS over IPv6 on Google's public server, requesting an IPv6 address:
sr1(IPv6(dst="2001:4860:4860::8888")/UDP()/DNS(qd=DNSQR(qname="www.google.com", qtype="AAAA")))

Is it possible to get a port from MX lookup?

I am on a journey of understanding what is the proper way to send an email from Python code. I have somewhat progressed in understanding of MX lookup, though: "the larger the island of knowledge, the longer the shoreline of wonder".
Thanks to this answer, I was able to send an email (to a disposable mailbox though), with this code-snippet:
import smtplib
from email.message import EmailMessage
message = EmailMessage()
message.set_content('Content of the message here.')
message['Subject'] = 'Mail sent from code'
message['From'] = 'whoever@whatever.com'
message['To'] = 'aloun36zmzazyxd3tyop@3mail.rocks'
# Keep a reference to the connection so it can be used below
smtp_server = smtplib.SMTP('mail.3mail.rocks:2525')
smtp_server.send_message(message)
smtp_server.quit()
Here is how I come up with SMTP address and port (mail.3mail.rocks:2525):
Done MX lookup for 3mail.rocks domain:
host -t mx 3mail.rocks
3mail.rocks mail is handled by 10 mail.3mail.rocks.
Then I just started checking ports used by default, with telnet mail.3mail.rocks xxx, this gave me the following results:
telnet mail.3mail.rocks 25
Trying 89.38.99.80...
telnet: connect to address 89.38.99.80: Connection refused
telnet: Unable to connect to remote host
telnet mail.3mail.rocks 465
Trying 89.38.99.80...
telnet: connect to address 89.38.99.80: Operation timed out
telnet: Unable to connect to remote host
telnet mail.3mail.rocks 587
Trying 89.38.99.80...
telnet: connect to address 89.38.99.80: Operation timed out
telnet: Unable to connect to remote host
telnet mail.3mail.rocks 2525
Trying 89.38.99.80...
Connected to mail.3mail.rocks.
Escape character is '^]'.
220 node1 ESMTP Haraka 2.8.16 ready
So, that is how I figured out the needed port (by brute-force, essentially).
I went on to test my snippet on another disposable mail service (mailforspam.com), following the same steps — MX lookup (host -t mx mailforspam.com) returned:
mailforspam.com mail is handled by 10 mail2.mailforspam.com.
mailforspam.com mail is handled by 10 mail1.mailforspam.com.
Though I was not able to connect via telnet (I have tried both servers mail2.mailforspam.com and mail1.mailforspam.com) to any of the default ports: port 25 — Connection refused, ports 2525, 587, 465 — Operation timed out.
Questions are:
How do I figure out the proper ports for the server accepting mails on behalf of a particular domain (one that is returned by MX lookup)? My understanding here is that "default" ports are just conventions, and, in fact, servers can use any free port they choose.
I assume that when email is sent from one email provider to another, the SMTP server it is submitted to (one belonging to the user that is sending email) does something similar (i.e. MX lookup => connection to mail accepting server => submitting an email). How do such "real-world" servers figure out the proper port (or they just brute-forcing through the default ones)?
How do I figure out the proper ports for the server accepting mails on behalf of a particular domain (one that is returned by MX lookup)?
What you've shown in your question is more or less correct. You may want to try the ports in a different order. Also, port 2525 is not an official port from any standard I'm aware of but seems to be a convention for bypassing firewalls that block the submission port 587.
One thing to note is that "accepting mail" is not actually one thing. There are "mail user agents" that do "submission" and "mail transfer agents" that do "transfer". "Submission" and "transfer" often live on different ports which explains some of the diversity you've seen. Figure out whether you're doing submission or transfer and select the appropriate group of ports.
My understanding here is that "default" ports are just conventions, and, in fact, servers can use any free port they choose.
This isn't really true, at least not if the servers want anyone to be able to find them, because ...
How do such "real-world" servers figure out the proper port (or they just brute-forcing through the default ones)?
Mail servers that actually want to be able to receive mail must run on a standard port number. For MTAs this means port 25 with maybe a fallback to 465 (though this isn't standardized either). For MUAs this means port 587 with maybe a fallback to 2525 (also not standardized but apparently in common use as a workaround to MUAs being blocked).
In particular, MX records carry no port information, nor does any other DNS record type related to SMTP.
The MX you get needs to support port 25, that's part of the SMTP definition. If you are unable to connect, chances are the block is in the firewall on your own side — port 25 outbound is aggressively blocked from consumer-grade networks, in an attempt to curb direct-injection spam.
Port 25 between authorized servers is not blocked, there is no reason or need for the server to figure out a different port number.

How to bind a Python socket to a specific domain?

I have a Heroku application that has a domain moarcatz.tk. It listens for non-HTTP requests using Python's socket.
The documentation states that if I bind a socket to an empty string as an IP address, it will listen on all available interfaces. I kept getting empty requests from various IP addresses, so I assume that setting the socket to only listen for connections to moarcatz.tk would fix the problem. But I don't know how to bind a socket to a domain name.
I tried 'moarcatz.tk' and gethostbyname('moarcatz.tk'), but both give me this error:
OSError: [Errno 99] Cannot assign requested address
What's up with that?
You can't control this via your code, but you can control this via Heroku.
Heroku has a pretty nifty DNS CNAME tool you can use to ensure your app ONLY listens to incoming requests for specific domains -- it's part of the core Heroku platform.
What you do is this:
heroku domains:add www.moarcatz.tk
Then, go to your DNS provider for moarcatz.tk and add a CNAME record for:
www <heroku-app-name>.herokuapp.com
This will do two things:
Point your DNS to Heroku.
Make Heroku filter the incoming traffic and ALLOW it for that specific domain.

python enable ssl if client expects it

Is there any way to know if a client expects server to enable SSL?
I am building a small SMTP server and have implemented SSL on 465 but some clients do not expect SSL so obviously connection fails.
Is it possible to tell this in any way?
There is no clean way for a server to detect if a client expects to use SSL/TLS at the start of the connection. In fact, if the server is expected to send data first (as is the case with SMTP: the server sends a banner before the client sends any data), there is no way at all to do that.
This is the reason why SSL/TLS is generally used in one of these two ways:
A new port number is designated for the SSL/TLS version of the protocol. For example, HTTP (port 443 instead of port 80), IMAP (port 993 instead of port 143), SMTP (port 465 instead of 25 or 587). The server knows to use SSL/TLS right away if it accepts the connection on the new port.
STARTTLS: The server and client start by talking the non-SSL/TLS version of the protocol, but the server indicates STARTTLS in its service capabilities announcement. The client accepts the offer and requests it. Both server and client now restart the protocol using SSL/TLS.
STARTTLS is a bit less efficient because of the non-SSL/TLS conversation between the server and client that happens first (uses several network round trips) and it is not available for use with all protocols (HTTP doesn't support it), but it's generally preferred if available because it makes it easier for things like automatic configuration of email settings (no need to probe a bunch of possible ports and pick the best one).
Port 465 is an example of the first solution: pick a new port and run SSL/TLS on it. That means servers and clients are both supposed to use SSL/TLS right away for communications on that port.
If you are seeing clients trying to talk plaintext SMTP on port 465, those clients are BROKEN. There really isn't anything you can do to work around them. The clients have serious bugs which should be fixed...
Moreover, for SMTP, you really need to be using STARTTLS, not SMTP over SSL/TLS on port 465.
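The plaintext half of the STARTTLS flow described above, as an added example that is not code from the original answer: a toy server that sends its banner first and advertises STARTTLS in its EHLO reply, and a client that checks for the offer. The server, its host names and the function names are constructed for illustration, and it runs on loopback only.

```python
import smtplib
import socket
import threading

def toy_smtp_server(listener, offer_starttls):
    # Constructed one-connection server: plaintext SMTP only, enough for EHLO/QUIT
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as stream:
        stream.write(b"220 demo.invalid ESMTP ready\r\n")  # server speaks first
        stream.flush()
        for line in stream:
            verb = line.strip().split(b" ")[0].upper()
            if verb == b"EHLO":
                stream.write(b"250-demo.invalid\r\n")
                if offer_starttls:
                    stream.write(b"250-STARTTLS\r\n")  # the upgrade offer
                stream.write(b"250 SIZE 1000000\r\n")
            elif verb == b"QUIT":
                stream.write(b"221 bye\r\n")
                stream.flush()
                break
            else:
                stream.write(b"502 not implemented\r\n")
            stream.flush()

def client_sees_starttls(offer_starttls):
    # Client side: connect in plaintext, send EHLO, inspect the capability list
    with socket.create_server(("127.0.0.1", 0)) as listener:
        port = listener.getsockname()[1]
        threading.Thread(target=toy_smtp_server,
                         args=(listener, offer_starttls), daemon=True).start()
        with smtplib.SMTP("127.0.0.1", port,
                          local_hostname="client.invalid", timeout=5) as client:
            code, _ = client.ehlo()
            return code == 250 and client.has_extn("starttls")
```

A real server would answer the client's STARTTLS command with a 220 reply and then wrap the socket with ssl.SSLContext.wrap_socket(..., server_side=True) before reading the next EHLO.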
