In a previous article, we built a transparent proxy for outbound TCP connections.
In short, any outbound TCP connection on port_x was redirected to ip:port_z.
The main use case was a transparent proxy for HTTP traffic (applications would « transparently » be redirected to a proxy accepting the « intercepted » traffic).
This time, let's do the same for outbound UDP.
One possible scenario: intercept all outbound DNS traffic and redirect it to another DNS server.
proxy-tcp 1.0 by email@example.com
proxy-tcp original_port new_port new_ip [local]
remember that if you divert to a local app, this local app could be diverted as well.
Example: proxy-udp 53 53 192.168.1.144 local
This assumes a rogue DNS server running locally (drop the ‘local’ argument if the rogue server is running on another host).
Note the warning about diverting to a local app.
For instance, if your rogue server runs locally, it will itself perform DNS queries, and those queries would be diverted right back to it: a catch-22 situation.
Possible workarounds:
-have your rogue server « escape » the filter by using a remote UDP port different from the filtered one (i.e. something other than 53) OR a different protocol (i.e. something other than UDP)
-review the code and filter on the original DNS server
-review the code and exclude the DNS server used by the rogue server
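To make the catch-22 and the last workaround concrete, here is an added Python model of the divert logic (example code written for this page, not the proxy-udp tool's own source); the Packet/DivertRule/UdpDiverter names, the exclusion set and all addresses are assumptions, and only the redirect and reply-translation decisions are modelled, not packet capture or injection.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Packet:
    """Minimal UDP/IP header view (constructed for this model)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


@dataclass
class DivertRule:
    """Mirrors the 'original_port new_port new_ip' arguments, plus an optional
    exclusion set of upstream resolvers the rogue server itself talks to."""
    original_port: int
    new_port: int
    new_ip: str
    excluded_dst: frozenset = frozenset()


class UdpDiverter:
    def __init__(self, rule: DivertRule):
        self.rule = rule
        # (client_ip, client_port) -> original (dst_ip, dst_port), used to
        # rewrite replies so the client still sees its intended server
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        r = self.rule
        if pkt.proto != "udp" or pkt.dst_port != r.original_port:
            return pkt                      # not a filtered flow
        if (pkt.dst_ip, pkt.dst_port) == (r.new_ip, r.new_port):
            return pkt                      # already aimed at the replacement server
        if pkt.dst_ip in r.excluded_dst:
            return pkt                      # workaround: leave the rogue server's upstream alone
        # Without the exclusion, a local rogue server's own query lands here too:
        # it is sent back to new_ip, i.e. to itself (the catch-22 in the text).
        self.table[(pkt.src_ip, pkt.src_port)] = (pkt.dst_ip, pkt.dst_port)
        return Packet(pkt.src_ip, pkt.src_port, r.new_ip, r.new_port)

    def inbound(self, pkt: Packet) -> Packet:
        """Reply from the replacement server: restore the original destination."""
        key = (pkt.dst_ip, pkt.dst_port)
        if (pkt.src_ip, pkt.src_port) == (self.rule.new_ip, self.rule.new_port) and key in self.table:
            orig_ip, orig_port = self.table[key]
            return Packet(orig_ip, orig_port, pkt.dst_ip, pkt.dst_port)
        return pkt
```

The exclusion set is what the third workaround amounts to: without it, the rogue server's upstream query matches the same filter as any other client query.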
Source code and binaries can be found on my github.