├── README.md └── README.md.txt ├── config ├── README.md └── configuration │ ├── application_config.yml │ ├── network_config.txt.txt │ └── tool_config.ini ├── docs └── logs.png ├── logs ├── logs_analysis_report.txt.txt └── update logs.txt ├── nmap_scan_results.txt.txt ├── scripts ├── Note.txt ├── analyze_packets.sh └── capture_packets.sh └── security_analysis_report.txt.txt /README.md/README.md.txt: -------------------------------------------------------------------------------- 1 | # Network Security Analysis and DNS Troubleshooting Toolkit 2 | 3 | ## Project Overview 4 | 5 | The **Network Security Analysis and DNS Troubleshooting Toolkit** is designed to assist in analyzing network traffic and diagnosing DNS issues. It bundles tcpdump capture and analysis scripts, sample configuration files, and the notes and reports from one worked investigation (a DNS server answering queries with ICMP "port unreachable"), so that users can reproduce the same diagnosis on their own networks. 6 | 7 | ## File Structure 8 | 9 | README.md: The main documentation file. 10 | docs/: Contains the logs.png image. 11 | scripts/: Contains the tcpdump capture and analysis scripts. 12 | logs/: Contains the investigation notes and the final analysis report (no raw packet capture is committed; capture.pcap is produced by scripts/capture_packets.sh). 13 | config/: Contains the network, application and tool configuration files. 14 | 15 | # SecureDNS Network Analysis and Configuration 16 | 17 | ## Project Overview 18 | 19 | The **SecureDNS Network Analysis and Configuration** project aims to analyze DNS-related network issues, resolve configuration problems, and ensure robust DNS service operation. This project encompasses network traffic analysis, DNS server configuration, and firewall settings adjustments to achieve reliable DNS resolution and secure network operations. 20 | 21 | ## Project Structure 22 | 23 | - **README.md**: This main documentation file. 24 | - **docs/**: Contains the logs.png image. 25 | - **scripts/**: The tcpdump capture and analysis scripts used in the project. 26 | - **logs/**: The timestamped investigation notes and the final DNS analysis report. 27 | - **config/**: Houses the network, application and tool configuration files. The port scan of 192.168.1.10 (`nmap_scan_results.txt`) and its risk assessment (`security_analysis_report.txt`) sit in the repository root. 
28 | 29 | ## Logs 30 | 31 | The `logs/` directory contains the analysis of the captured network traffic and DNS queries: 32 | - **logs_analysis_report.txt**: Final resolution report: the cause found (a `named.conf` misconfiguration plus a firewall blocking port 53), the actions taken, and the verification with `dig`. 33 | - **update logs.txt**: Timestamped investigation notes recording the repeated queries from 192.51.100.15 to 203.0.113.2, the ICMP "port unreachable" replies, and the interim results. 34 | 35 | ## Configuration Files 36 | 37 | The `config/configuration/` directory contains: 38 | - **network_config.txt**: Host IP address, subnet mask, gateway, and primary/secondary DNS servers. 39 | - **application_config.yml**: Application server, database connection, and logging settings (the committed credentials are placeholders; replace them, and keep real secrets out of the repository). 40 | - **tool_config.ini**: Tool-specific settings. The BIND (`named.conf`) fix and the `iptables` rules for port 53 are recorded in `logs/logs_analysis_report.txt`; they are not shipped as files. 41 | 42 | ## Scripts 43 | 44 | The `scripts/` directory contains two `tcpdump` wrappers (see `scripts/Note.txt` for making them executable): 45 | - **capture_packets.sh**: Captures traffic for `www.yummyrecipesforme.com` on all interfaces into `capture.pcap` (requires root). 46 | - **analyze_packets.sh**: Reads `capture.pcap` back with `tcpdump -r` for review. 47 | 48 | ## Usage 49 | 50 | 1. **Analyze Network Logs**: 51 | - Review the capture for DNS queries and responses; an ICMP "port unreachable" in reply to a query on port 53 means nothing is listening on that port or a firewall is rejecting it, whereas no reply at all points to a DROP rule or a path problem. 52 | - Identify the failing server and whether the cause is the service, the firewall, or the network path. 53 | 54 | 2. **Verify and Configure DNS**: 55 | - Check the DNS service status and configuration (`systemctl status named`, `named-checkconf`). 56 | - Adjust firewall rules to permit DNS traffic on port 53 over both UDP and TCP, and confirm the ACCEPT rules sit before any DROP/REJECT rule in the chain. 57 | 58 | 3. **Test DNS Resolution**: 59 | - Query the repaired server directly (`dig @203.0.113.2 yummyrecipesforme.com`) and compare the result with a known-good resolver. 60 | 61 | 4. **Update Configuration**: 62 | - Modify DNS and firewall configurations as needed. 63 | - Save and apply changes, and persist the firewall rules so they survive a reboot. 64 | 65 | ## Contributions 66 | 67 | Contributions or suggestions to improve this project are welcome. Please open an "Issue" or submit a "Pull Request" to discuss changes. 68 | 69 | ## License 70 | 71 | This project is licensed under the MIT License. 72 | 73 | --- 74 | **Note**: Always review configuration changes and test thoroughly in a controlled environment before applying them to production systems. 
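The log-triage step above (usage step 1, and the ICMP "port unreachable" pattern analysed in `logs/`) as an added example that is not code from this project: a small Python script that reads `tcpdump -nn` style lines and reports, per DNS server, whether queries were answered, rejected with ICMP port unreachable (nothing bound to port 53 or a firewall REJECT), or never answered at all (firewall DROP or a path problem). The sample lines are constructed to mirror the incident; 8.8.8.8 as the working resolver is taken from `config/network_config.txt`, the answer address 203.0.113.10 is a placeholder, and the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed lines in `tcpdump -nn` style mirroring the incident in logs/
# (not a capture from this project): 192.51.100.15 queries 203.0.113.2 twice
# and gets ICMP port unreachable, then asks 8.8.8.8 (the primary resolver in
# config/network_config.txt), which answers. 203.0.113.10 is a placeholder.
SAMPLE_LINES = """\
11:00:01.100 IP 192.51.100.15.40001 > 203.0.113.2.53: 35084+ A? yummyrecipesforme.com. (39)
11:00:01.101 IP 203.0.113.2 > 192.51.100.15: ICMP 203.0.113.2 udp port 53 unreachable, length 75
11:00:02.100 IP 192.51.100.15.40002 > 203.0.113.2.53: 35085+ A? yummyrecipesforme.com. (39)
11:00:02.101 IP 203.0.113.2 > 192.51.100.15: ICMP 203.0.113.2 udp port 53 unreachable, length 75
11:00:03.100 IP 192.51.100.15.40003 > 8.8.8.8.53: 35086+ A? yummyrecipesforme.com. (39)
11:00:03.130 IP 8.8.8.8.53 > 192.51.100.15.40003: 35086 1/0/0 A 203.0.113.10 (55)
""".splitlines()

# Query:  client.port > server.53: id+ TYPE? name.
QUERY = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.53: (\d+)\+ (\S+)\? (\S+) \(")
# Answer: server.53 > client.port: id answers/authority/additional
ANSWER = re.compile(r"IP (\S+)\.53 > (\S+)\.(\d+): (\d+) (\d+)/(\d+)/(\d+)")
# Kernel reply (no socket bound to port 53) or firewall REJECT; a DROP rule sends nothing.
UNREACH = re.compile(r"IP (\S+) > (\S+): ICMP \S+ (udp|tcp) port 53 unreachable")


def _verdict(s):
    """Map the counters for one server to a diagnosis."""
    if s["unreachable"]:
        return "REJECTED: ICMP port unreachable - nothing bound to port 53 or a firewall REJECT rule"
    if s["queries"] and not s["answered"]:
        return "TIMEOUT: no reply at all - firewall DROP or a path problem"
    if s["answered"]:
        return "OK: answering"
    return "NO QUERIES SEEN"


def triage(lines):
    """Per DNS server address: queries sent, answers, ICMP unreachables, and a verdict."""
    stats = defaultdict(lambda: {"queries": 0, "answered": 0, "unreachable": 0})
    for line in lines:
        if m := QUERY.search(line):
            stats[m.group(3)]["queries"] += 1      # destination is the server
        elif m := ANSWER.search(line):
            stats[m.group(1)]["answered"] += 1     # source is the server
        elif m := UNREACH.search(line):
            stats[m.group(1)]["unreachable"] += 1  # the server itself sent the ICMP
    return {server: dict(s, verdict=_verdict(s)) for server, s in stats.items()}


if __name__ == "__main__":
    for server, s in triage(SAMPLE_LINES).items():
        print(f"{server:15} q={s['queries']} a={s['answered']} unreach={s['unreachable']}  {s['verdict']}")
```

Feed it real output with `tcpdump -nn -r capture.pcap | python3 triage.py` after replacing `SAMPLE_LINES` with `sys.stdin`; the `-nn` flag matters because the regexes expect numeric ports, and because resolving names while diagnosing a DNS failure hangs the analysis.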
75 | 76 | -------------------------------------------------------------------------------- /config/README.md: -------------------------------------------------------------------------------- 1 | # Configuration Files 2 | 3 | This directory contains configuration files used by various components of the project. Below is an overview of each file: 4 | 5 | ## `network_config.txt` 6 | 7 | This file contains network configuration settings including IP address, subnet mask, gateway, and DNS servers. 8 | 9 | ## `application_config.yml` 10 | 11 | This YAML file is used to configure the application settings, including server details, database connection, and logging. 12 | 13 | ## `tool_config.ini` 14 | 15 | This INI file is used to configure various tool-specific settings. 16 | 17 | ## How to Modify 18 | 19 | - Open the respective file in a text editor. 20 | - Modify the settings according to your requirements. 21 | - Save the file and restart the relevant service or application to apply changes. 
22 | -------------------------------------------------------------------------------- /config/configuration/application_config.yml: -------------------------------------------------------------------------------- 1 | # Application Configuration 2 | # Placeholder values: supply real credentials through environment variables or a secret store and keep them out of the repository. 3 | server: 4 | port: 8080 5 | host: 0.0.0.0 # listens on every interface; use 127.0.0.1 unless the service must be reachable from the network 6 | 7 | database: 8 | type: mysql 9 | host: localhost 10 | port: 3306 11 | username: user 12 | password: pass # placeholder, never commit a real password 13 | name: mydatabase 14 | 15 | logging: 16 | level: info 17 | file: /var/log/application.log 18 | -------------------------------------------------------------------------------- /config/configuration/network_config.txt.txt: -------------------------------------------------------------------------------- 1 | # Network Configuration 2 | 3 | # IP Address Configuration 4 | IP_ADDRESS=192.168.1.10 5 | SUBNET_MASK=255.255.255.0 6 | GATEWAY=192.168.1.1 7 | 8 | # DNS Servers 9 | PRIMARY_DNS=8.8.8.8 10 | SECONDARY_DNS=8.8.4.4 11 | -------------------------------------------------------------------------------- /config/configuration/tool_config.ini: -------------------------------------------------------------------------------- 1 | # Tool Configuration 2 | 3 | [General] 4 | setting1=value1 5 | setting2=value2 6 | 7 | [Advanced] 8 | option1=true 9 | option2=false 10 | -------------------------------------------------------------------------------- /docs/logs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AhmMashhour/SecureDNS-Network-Analysis-and-Configuration/82978f047816980df3334697333d1892e65e3647/docs/logs.png -------------------------------------------------------------------------------- /logs/logs_analysis_report.txt.txt: -------------------------------------------------------------------------------- 1 | Final DNS Issue Resolution Report 2 | 3 | Date: 22/08/2024 4 | Time: 11:35 AM 5 | 6 | Analysis and Resolution Summary: 7 | 8 | Issue: 9 | The DNS server at 203.0.113.2 was returning ICMP "port 
unreachable" errors in response to DNS queries from the IP address 192.51.100.15. An ICMP port unreachable is generated either by the server's kernel when no process is bound to port 53 (the DNS service is down) or by a firewall REJECT rule; a DROP rule would instead cause silent timeouts. Either way, the DNS service was not reachable on port 53. 10 | 11 | Actions Taken: 12 | 13 | 1. Checked DNS Service Status: 14 | - The DNS service (BIND) on the server 203.0.113.2 was found to be down (systemctl status named) due to a misconfiguration in the named.conf file. 15 | - The configuration was corrected by ensuring all zones and directives were properly defined, and validated with named-checkconf before the restart. 16 | - The DNS service was successfully restarted using the command: 17 | - sudo systemctl restart named 18 | 19 | 2. Verified and Updated Firewall Configuration: 20 | - It was identified that the firewall on the server was blocking DNS traffic on port 53. 21 | - Firewall rules were updated to allow both UDP and TCP traffic on port 53 using the following commands: 22 | - sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT 23 | - sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT 24 | - Note: -A appends to the end of the INPUT chain and iptables stops at the first matching rule, so these ACCEPT rules only take effect if no earlier rule already rejects port 53 (verify with sudo iptables -L INPUT -n --line-numbers, or use -I to insert at the top). The rules are not persistent across reboots unless saved with iptables-save. 25 | 3. Tested DNS Resolution: 26 | - A DNS lookup test was performed from the source IP 192.51.100.15 using the dig command: 27 | - dig @203.0.113.2 yummyrecipesforme.com 28 | - The DNS server 203.0.113.2 successfully responded to the query (a dig status of NOERROR with a populated answer section is the check), confirming that DNS resolution was functioning correctly. 29 | 30 | 4. Conclusion: 31 | The DNS issue was resolved by fixing the misconfiguration in the named.conf file and updating the firewall rules to allow DNS traffic on port 53. After these corrections, the DNS server at 203.0.113.2 resumed normal operation, successfully handling DNS queries without any further issues. -------------------------------------------------------------------------------- /logs/update logs.txt: -------------------------------------------------------------------------------- 1 | 11:01 AM - 22/08/2024: 2 | - Investigated DNS logs where repeated DNS query attempts were observed from IP `192.51.100.15` to the DNS server at `203.0.113.2` for the domain `yummyrecipesforme.com`. 
3 | - The DNS server `203.0.113.2` consistently returned ICMP "port unreachable" messages, indicating that nothing was listening on port 53 on that server or that a firewall rule was rejecting the queries. 4 | 5 | Actions Taken: 6 | - Checked the status of the DNS server at `203.0.113.2` to determine if the DNS service was running and listening on port 53. 7 | - Attempted to resolve the domain `yummyrecipesforme.com` using an alternative DNS server from the source `192.51.100.15`. 8 | - Utilized network diagnostic tools (`ping`, `traceroute`, `nslookup`) to further analyze connectivity issues and DNS resolution failures. 9 | 10 | Results: 11 | - The DNS service at `203.0.113.2` was found to be down or misconfigured, causing the ICMP "port unreachable" responses. 12 | - Resolution of `yummyrecipesforme.com` was successful when using a different DNS server, confirming that the issue was isolated to the DNS server at `203.0.113.2`. 13 | - No other anomalies were found in the network path between the source and destination, indicating the issue was specific to the DNS server. 14 | 15 | Conclusion: 16 | - The DNS server at `203.0.113.2` requires further investigation or reconfiguration to restore normal DNS resolution services. 17 | -------------------------------------------------------------------------------- /nmap_scan_results.txt.txt: -------------------------------------------------------------------------------- 1 | IP Address: 192.168.1.10 2 | 3 | Open Ports: 4 | 5 | 22/tcp - SSH 6 | 80/tcp - HTTP 7 | 443/tcp - HTTPS 8 | 3306/tcp - MySQL Database 9 | 10 | Service Versions: 11 | SSH: OpenSSH 7.4 (protocol 2.0) 12 | HTTP: Apache 2.4.29 13 | HTTPS: Apache 2.4.29 with SSL/TLS support 14 | MySQL: MySQL 5.7.23 15 | OS Detection: Linux Kernel 4.15 16 | 17 | Additional Information: 18 | 19 | The HTTP service on port 80 still serves the default Apache page, which points to an unconfigured install rather than a confirmed vulnerability; together with the exposed version banner it is a hardening gap, so the service should be configured properly or disabled if the host needs no web server. 
20 | The SSH service is a brute-force target if password authentication is enabled and weak credentials are in use. 21 | The MySQL service (3306/tcp) is reachable from the scanning host; if no remote clients need it, bind it to localhost (bind-address = 127.0.0.1 in my.cnf) or restrict the port with firewall rules. 22 | -------------------------------------------------------------------------------- /scripts/Note.txt: -------------------------------------------------------------------------------- 1 | Make sure the scripts are Executable: 2 | 3 | chmod +x scripts/capture_packets.sh 4 | chmod +x scripts/analyze_packets.sh 5 | -------------------------------------------------------------------------------- /scripts/analyze_packets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Read a saved capture back with tcpdump. Reading a pcap needs no root 3 | # privileges (only capturing does), so this script deliberately does not demand them. 4 | set -eu 5 | 6 | # Input file containing captured packets (override: INPUT_FILE=other.pcap ./analyze_packets.sh) 7 | INPUT_FILE="${INPUT_FILE:-capture.pcap}" 8 | 9 | if [ ! -r "$INPUT_FILE" ]; then 10 | echo "Cannot read $INPUT_FILE; run capture_packets.sh first." >&2 11 | exit 1 12 | fi 13 | 14 | # Start analyzing the packet file 15 | echo "Starting analysis of packets in file $INPUT_FILE..." 16 | # -nn: print addresses and ports numerically. Resolving names while investigating 17 | # a DNS failure stalls the analysis and hides which resolver actually answered. 18 | # -tttt: full timestamps, so events line up with logs/update logs.txt. 19 | tcpdump -nn -tttt -r "$INPUT_FILE" 20 | 21 | echo "Analysis complete." 22 | -------------------------------------------------------------------------------- /scripts/capture_packets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Capture the traffic needed to diagnose the DNS failure described in logs/: 3 | # the DNS exchange itself (port 53), the ICMP replies, and traffic to the web host. 4 | set -u 5 | 6 | # Ensure the script is run with root privileges (raw packet capture needs them) 7 | if [ "$(id -u)" -ne 0 ]; then 8 | echo "Please run this script with root privileges (sudo)." >&2 9 | exit 1 10 | fi 11 | 12 | # Define the network interface ("any" captures on all interfaces) 13 | INTERFACE="${INTERFACE:-any}" 14 | 15 | # Define the output file for captured packets 16 | OUTPUT_FILE="${OUTPUT_FILE:-capture.pcap}" 17 | 18 | # Capture filter. "host www.yummyrecipesforme.com" alone is resolved once at start-up 19 | # and then matches only packets to or from that address, so the DNS queries and the 20 | # ICMP "port unreachable" replies this project investigates would never be written; 21 | # "port 53 or icmp" keeps them. If name resolution itself is broken, tcpdump cannot 22 | # resolve the host name and exits, so substitute the server's IP address. 23 | FILTER="host www.yummyrecipesforme.com or port 53 or icmp" 24 | 25 | # Start capturing packets 26 | echo "Starting packet capture on interface $INTERFACE (filter: $FILTER)..." 27 | # -nn: no name or port resolution while capturing; -v with -w reports the running packet count on stderr. 28 | # $FILTER is intentionally unquoted so tcpdump receives the expression as separate words. 29 | tcpdump -i "$INTERFACE" -nn -v -w "$OUTPUT_FILE" $FILTER 30 | 31 | echo "Packets have been saved to $OUTPUT_FILE" 32 | -------------------------------------------------------------------------------- /security_analysis_report.txt.txt: -------------------------------------------------------------------------------- 1 | 2 | Security Analysis Report 3 | Date: 23/08/2024 4 | 5 | Conducted By: Ahmed Mashhour Mohamed 6 | 7 | 1. Introduction 8 | This report provides an analysis of the network scan conducted on the target machine 192.168.1.10. The scan results, saved in the file nmap_scan_results.txt, have been reviewed to identify open ports, running services, and any potential security risks. Service versions below are taken from that file. 9 | 10 | 11 | 2. Scan Summary 12 | The scan identified the following open ports and associated services: 13 | 14 | Port  Service  Version  Risk Level  Notes 15 | 22  SSH  OpenSSH 7.4 (protocol 2.0)  Medium  Brute-force surface if password authentication is enabled. 16 | 80  HTTP  Apache 2.4.29  High  Default page served and version banner exposed; unpatched builds may carry known vulnerabilities. 17 | 443  HTTPS  Apache 2.4.29 (TLS)  Low  Encrypted transport; the same Apache build as port 80, so its caveats apply. 18 | 3306  MySQL  MySQL 5.7.23  High  Database reachable from the network; direct login and brute-force risk. 19 | 5900  VNC  VNC protocol 3.3  High  Remote desktop exposure. Not present in nmap_scan_results.txt; confirm with a rescan before acting on it. 20 | 21 | 22 | 3. Detailed Analysis 23 | Port 22 (SSH) 24 | Service: SSH 25 | Version: OpenSSH 7.4 (protocol 2.0) 26 | Risk Level: Medium 27 | Analysis: SSH provides encrypted remote access, but with password authentication enabled it is a brute-force target; weak or reused passwords turn it into an entry point. 28 | Recommendation: Keep OpenSSH current, set PasswordAuthentication no and PermitRootLogin no in sshd_config (key-based authentication only), and rate-limit or allow-list the source addresses permitted to connect. 29 | Port 80 (HTTP) 30 | 31 | Service: Apache HTTP Server 32 | Version: Apache 2.4.29 33 | Risk Level: High 34 | Analysis: The HTTP service is running on Apache 2.4.29. Unpatched versions of Apache can be vulnerable to various exploits. 
If this port is reachable from untrusted networks (the scanned address 192.168.1.10 is a private one, so check what is forwarded to it), it poses a significant security risk if not adequately protected. 35 | Recommendation: Update Apache to the latest version and ensure all security patches are applied. Replace the default page with the intended site or disable the service if it is not needed, set ServerTokens Prod to limit banner disclosure, and consider a web application firewall (WAF) against common web attacks. 36 | Port 443 (HTTPS) 37 | 38 | Service: Apache HTTP Server (TLS) 39 | Version: Apache 2.4.29 40 | Risk Level: Low 41 | Analysis: HTTPS provides encrypted transport. The listener is the same Apache 2.4.29 build as port 80, so it inherits any Apache vulnerabilities; the Low rating applies to the transport only. The TLS stack must be kept patched (OpenSSL flaws such as Heartbleed) and legacy protocol versions and weak cipher suites disabled. 42 | Recommendation: Regularly review SSL/TLS settings and update the cryptographic protocols to the latest standards. Consider implementing HTTP Strict Transport Security (HSTS). 43 | Port 3306 (MySQL) 44 | 45 | Service: MySQL Database 46 | Version: MySQL 5.7.23 47 | Risk Level: High 48 | Analysis: The MySQL port is reachable from the network. Exposure does not by itself enable SQL injection, which is an application-layer flaw; the direct risks are unauthenticated or brute-forced logins against database accounts and exploitation of server-side bugs in an old 5.7 release. 49 | Recommendation: Bind MySQL to 127.0.0.1 (bind-address in my.cnf) if only local applications connect; otherwise restrict port 3306 with firewall rules to known client addresses. Use strong, per-application accounts with least privilege. Address SQL injection separately, in the application code (parameterized queries). 50 | Port 5900 (VNC) 51 | 52 | Service: VNC (Virtual Network Computing) 53 | Version: VNC protocol 3.3 54 | Risk Level: High 55 | Analysis: VNC gives full remote desktop access. Protocol 3.3 authentication is a DES challenge-response limited to an 8-character password and the session is unencrypted, so an exposed server is an unauthorized-access risk. This port does not appear in nmap_scan_results.txt, so it must be confirmed by a rescan before remediation is scheduled. 56 | Recommendation: If confirmed, update the VNC server, require strong authentication, and tunnel it over SSH or a VPN rather than exposing 5900 directly. If VNC is not needed, disable the service altogether. 57 | 58 | 59 | 4. Conclusion 60 | The scan identified several open ports with associated services that could pose security risks if not properly managed. Immediate action should be taken to mitigate these risks, including updating software, applying security patches, restricting network exposure of the database and remote-access services, and implementing strong authentication mechanisms. 61 | 62 | 63 | 5. Next Steps 64 | Immediate: Apply the recommended security measures to address the identified risks, and rescan the host to confirm the port 5900 finding and verify the fixes. 65 | Ongoing: Regularly scan the network and monitor for any new vulnerabilities. Implement continuous security assessments as part of the overall security strategy. 66 | 67 | Report prepared by: Ahmed Mashhour Mohamed 68 | 69 | --------------------------------------------------------------------------------
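The scan review in this report, as an added example that is not part of the project: a Python script that parses the hand-written nmap_scan_results.txt format and nmap's own `-sV` normal output (both samples below are constructed for 192.168.1.10 and mirror the repository's file), derives one finding per open port from an explicit exposure policy plus a banner-disclosure note, and checks a report's port list against the scan so that a port the scan never saw (like 5900 above) is flagged for a rescan instead of being asserted. The POLICY table and the function names are the example's own assumptions.

```python
import re

# Constructed sample in the hand-written format of nmap_scan_results.txt
# (mirrors the repository's file; not the file itself).
SUMMARY_SCAN = """\
IP Address: 192.168.1.10

Open Ports:

22/tcp - SSH
80/tcp - HTTP
443/tcp - HTTPS
3306/tcp - MySQL Database
Service Versions:

SSH: OpenSSH 7.4 (protocol 2.0)
HTTP: Apache 2.4.29
HTTPS: Apache 2.4.29 with SSL/TLS support
MySQL: MySQL 5.7.23
OS Detection: Linux Kernel 4.15
"""

# The same host as `nmap -sV` prints it (constructed), so the parser
# also accepts raw scanner output.
NMAP_NORMAL = """\
Nmap scan report for 192.168.1.10
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 7.4 (protocol 2.0)
80/tcp   open  http     Apache httpd 2.4.29
443/tcp  open  ssl/http Apache httpd 2.4.29
3306/tcp open  mysql    MySQL 5.7.23
"""

SUMMARY_PORT = re.compile(r"^(\d+)/(tcp|udp)\s+-\s+(\S+)")          # "3306/tcp - MySQL Database"
NMAP_PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")  # "3306/tcp open  mysql   MySQL 5.7.23"
VERSION_LINE = re.compile(r"^([A-Za-z]+):\s+(.+)$")                 # "MySQL: MySQL 5.7.23"


def parse_scan(text):
    """Return {port: {"proto", "service", "version"}} from either format."""
    ports, versions = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := NMAP_PORT.match(line):
            port, proto, service, version = m.groups()
            ports[int(port)] = {"proto": proto, "service": service.split("/")[-1],
                                "version": version or None}
        elif m := SUMMARY_PORT.match(line):
            port, proto, service = m.groups()
            ports[int(port)] = {"proto": proto, "service": service.lower(), "version": None}
        elif m := VERSION_LINE.match(line):
            versions[m.group(1).lower()] = m.group(2)
    for entry in ports.values():  # the summary format keeps versions on separate lines
        if entry["version"] is None:
            entry["version"] = versions.get(entry["service"])
    return ports


# Assumed exposure policy (example, not from the report): what mere
# reachability of a port means, independent of the version banner.
POLICY = {
    3306: ("High", "database reachable from the network; bind to 127.0.0.1 or firewall to known clients"),
    5900: ("High", "remote desktop reachable; restrict or disable"),
    22: ("Medium", "brute-force surface; key-only auth, PermitRootLogin no"),
    80: ("High", "cleartext web service; harden or redirect to 443"),
    443: ("Low", "encrypted transport; keep the TLS stack patched"),
}


def findings(ports):
    """One finding per open port: policy risk, plus a disclosure note when the banner leaked a version."""
    out = []
    for port in sorted(ports):
        risk, note = POLICY.get(port, ("Review", "no policy entry; assess manually"))
        entry = ports[port]
        if entry["version"]:
            note += f"; version banner exposed ({entry['version']})"
        out.append({"port": port, "service": entry["service"], "risk": risk, "note": note})
    return out


def unsupported_claims(report_ports, ports):
    """Ports a report lists that the scan did not see: rescan before asserting them."""
    return sorted(set(report_ports) - set(ports))


if __name__ == "__main__":
    scan = parse_scan(SUMMARY_SCAN)
    for f in findings(scan):
        print(f"{f['port']:>5}/{scan[f['port']]['proto']} {f['service']:8} {f['risk']:7} {f['note']}")
    print("not in scan:", unsupported_claims([22, 80, 443, 3306, 5900], scan))
```

Run it against a real scan with `nmap -sV 192.168.1.10 -oN scan.txt` and `parse_scan(open("scan.txt").read())`; because risk comes from the policy table and not from the version string, a rescan after remediation shows the fix as a port disappearing from the findings rather than as a changed banner.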