Network Wide AD Blocker and IDS/IPS: Project Thesis

Uploaded by

Saboor Shah

Network Wide AD Blocker and IDS/IPS

Using Raspberry PI

Project Thesis
Chapter No: 1, 2

Submitted by

Muhammad Tahir
Registration Number: 2019-U-3611
Roll No: 60 (Morning)

Abdul Wahab
Registration Number: 2019-U-3584
Roll No: 30 (Morning)

Supervisor

Dr. Qazi Ejaz Ali

Department of Computer Science,


University of Peshawar

TABLE OF CONTENTS
CHAPTER NO: 1
INTRODUCTION
1.1 History
1.2 Features
1.3 Objectives
1.4 Introduction to Surkhab Centre:
1.5 Pi-hole:
1.6 Aim Of Project:
1.7 Admin role:
1.8 Scope of the project:
1.9 Tools used in projects:
CHAPTER NO: 2
EXISTING SYSTEM & PROPOSED SYSTEM
2.1 Objectives Of Proposed System:
2.2 FEATURES
2.2.1 Primary:
2.3 User Interface:
2.4 The Concern With Upstream Servers:
2.5 NXDOMAIN And Null Blocking With FTLDNS
2.5.1 WHAT IS NXDOMAIN?

CHAPTER 1
INTRODUCTION

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which
acts as a DNS sinkhole (and optionally a DHCP server), intended for use on a network. It is
designed for use on embedded devices with network capability, such as the Raspberry Pi, but it
can be used on other machines running Linux and cloud implementations.
Pi-hole has the ability to block traditional website advertisements as well as advertisements in
unconventional places, such as smart TVs and mobile operating system advertisements.

1.1 History

The Pi-hole project was created by Jacob Salmela as an open source alternative to the AdTrap in
2014 and was hosted on GitHub. Since then, several contributors have joined the project.

1.2 Features

The Pi-hole makes use of a modified dnsmasq called FTLDNS, cURL, lighttpd, PHP and the
AdminLTE Dashboard to block DNS requests for known tracking and advertising domains. The
application serves as a DNS server for a private network (replacing any pre-existing DNS server
provided by another device or the ISP), with the ability to block advertisements and tracking
domains for users' devices. It obtains lists of advertisement and tracking domains from
predefined sources (which can be modified by the user) that the Pi-hole uses to compare DNS
queries to. If a match is found within any of the lists, or the user blacklist, the Pi-hole will refuse
to resolve the requested domain and respond to the requesting device with a blank webpage.
Because Pi-hole blocks domains at the network level, it is able to block advertisements, such
as banner advertisements on a webpage, but it can also block advertisements in unconventional
locations, such as on Android, iOS and smart TVs.
Using VPN services, Pi-Hole can block domains without using a DNS filter setup in a router.
Any device that supports VPN can use Pi-Hole on a cellular network or a home network without
a DNS server configured.
The nature of Pi-hole allows it to also block website domains in general by manually blacklisting
the domain name. Likewise, domains can be white-listed manually should a website's function be
impaired by domains being blocked. Pi-hole can also function as a network monitoring tool,
which can aid in troubleshooting DNS requests and network faults.

1.3 Objectives

Pi-hole functions similarly to a network firewall, meaning that advertisements and tracking
domains are blocked for all devices behind it, whereas traditional advertisement blockers only
run in a user's browser, and remove advertisements only on the same machine.
The Surkhab center has a small network, a group of nodes that use the internet frequently, and
the security of these systems is very important. Buying large firewall software and hardware
cannot be justified for so few systems. We chose a Raspberry Pi 4 as the microprocessor to act
as a firewall that will block malicious pic links throughout the whole network.

1.4 Introduction to Surkhab center:

Working for more than 3 decades, Surkhab holds a place in the Bridal industry. Trusted by many
to make their special day perfect.
Our journey starts with creating illustrations, putting all those ideas onto paper and giving the
imaginations into reality.

1.5 Pi-hole:
The Raspberry Pi runs software known as Pi-Hole and PADD to block ads and display statistical
data such as the Pi-Hole's IP address and the number of ads blocked.
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without
installing any client-side software.
Easy-to-install: our versatile installer walks you through the process, and takes less than ten
minutes.
Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart
TVs
Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
Lightweight: runs smoothly with minimal hardware and software requirements
Robust: a command-line interface that is quality assured for interoperability
Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
Versatile: can optionally function as a DHCP server, ensuring all your devices are protected
automatically
Scalable: capable of handling hundreds of millions of queries when installed on server-grade
hardware
Modern: blocks ads over both IPv4 and IPv6
Free: open-source software which helps ensure you are the sole person in control of your
privacy

1.6 Aim of Project:

The project aims at the following:

Provide high security to a business or home
Faster internet, because unnecessary packets will be dropped
Stop irritating ads across the whole network
Online scams, viruses or malicious code delivered through ads will be stopped

1.7 Admin role:

The admin role is as follows:

Watch the statistics: the tool is fully automatic, any non-professional can use it, and it can
be accessed from any device
The admin can add a domain to the whitelist, or blacklist a new domain or a custom RE (regular
expression) domain.
Management of installation and the operator's initial setup only

1.8 Scope of the project:

The scope of the project includes the following:

All network data passes through the Pi-hole
Deliver a compact-size firewall
Provide bi-lingual support
Application support and maintenance after deployment to production.
The Admin module can also be reused for other projects that have many users with different
rights. Hence it is reusable.

1.9 Tools used in projects:


Raspberry Pi 4
32 GB SD card
Linux-like ARM operating system
Heat sink
Micro HDMI cables
Mobile Type-C cable
Pi-hole script (to fulfil dependencies)

CHAPTER 2
EXISTING SYSTEM & PROPOSED SYSTEM
The existing system is a very simple network design without an individual modem or any
firewall, just a multi-purpose router. Some of the key points are discussed below.
- there is no security hardware or software in use
- the router's built-in firewall is not fast, automatic or robust
- the built-in firewall is time-consuming for the admin and gives no statistical report to analyze data
- no open Wi-Fi for users because of fair security
- no firewall rules and policy backup
- slow response
- in critical conditions it is hard to set up everything
- too many ads in the network, which slow down the internet
PROPOSED SYSTEM

After a detailed study of the current system, we decided we cannot spend too much money on a
hardware firewall or on setting up a new network. The Raspberry Pi is a card-sized mini ARM
microprocessor and an open-source board that can be used for any type of coding or situation,
so we picked this board to make a mini firewall that is fast, accurate, timely, secure,
economical and preserves integrity.

2.1 Objectives of Proposed System:

Before designing any computerized system, it is necessary to establish the objectives that the
proposed system has to satisfy/perform. The proposed system must have the following
features:

1 The proposed system is an extension of the existing network system.
2 The whole network's traffic will be driven through the proposed system.
3 The proposed system will act as a DNS and DHCP server.
4 The system should be sufficiently flexible in order to cope with future requirements, i.e. the
system should very efficiently support a large amount of data, which will increase with the
passage of time.
5 The system should be capable of expansion and upgrading, so that new requirements
can be easily adopted, and the computer screens should guide the user to the required
information.
6 The system will update the blacklist automatically, so new ad-serving sites are blocked easily
7 Low-power computer that will work 24/7 with very low heat generation
8 The system will be able to generate a report whenever the admin wants
9 The system will show the statistics and current state to everyone if the admin wants it to
10 The admin panel or the system can be accessed remotely by VNC viewer
11 Automatically assigns new IPs to new users dynamically, or a static IP can be set.
12 Can block a specific URL or RE URL

2.2 FEATURES
2.2.1 Primary:

To block ads from various sources

To increase security to a firm cost-effectively

The Pi-hole makes use of a modified dnsmasq called FTLDNS, cURL, lighttpd, PHP and the
AdminLTE Dashboard to block DNS requests for known tracking and advertising domains. The
application serves as a DNS server for a private network (replacing any pre-existing DNS server
provided by another device or the ISP), with the ability to block advertisements and tracking
domains for users' devices. It obtains lists of advertisement and tracking domains from
predefined sources that the Pi-hole uses to compare DNS queries to. These predefined sources
can be modified by the user. If a match is found within any of the lists, or the user blacklist, the
Pi-hole will refuse to resolve the requested domain and respond to the requesting device with a
blank webpage.

Because Pi-hole blocks domains at the network level, it is able to block advertisements, such
as banner advertisements on a webpage, but it can also block advertisements in unconventional
locations, such as on Android, iOS and smart TVs.

Using VPN services, Pi-Hole can block domains without using a DNS filter setup in a router.
Any device that supports VPN can use Pi-Hole on a cellular network or a home network without
a DNS server configured. 

The nature of Pi-hole allows it to also block website domains in general by manually blacklisting
the domain name. Likewise, domains can be whitelisted manually should a website's function be
impaired by domains being blocked. Pi-hole can also function as a network monitoring
tool, which can aid in troubleshooting DNS requests and network faults.

2.3 User Interface:

For better user interaction, whether by an admin or an executive, the interaction screen is
well-designed. It makes interaction and operation easy for the admin, and makes managing the
different services very easy. The user-friendly interface thus attracts the admin's attention.

FTLDNS and Unbound Combined for Your Own All-Around DNS Solution

Pi-hole acts as a forwarding DNS server, which means if it doesn’t know where a domain is, it
has to forward your query to another server that does. When you install Pi-hole, it knows where
the ad-serving domains are (because you tell it), so it doesn’t forward those requests. But
it doesn’t know where legitimate sites are. Thus these requests are forwarded to an
upstream, recursive server.

These servers also don’t know where the real website exists unless they have been asked to find
it before. The only DNS server that truly knows where a domain is is an authoritative DNS
server. For now, we don’t need to know what an authoritative DNS server is, just that it’s the
single source of truth for a domain’s real IP address.

So when you have a Pi-hole in use on your network, the flow of traffic goes like this:
Figure: Pi-hole flow of traffic

1. Your client asks the Pi-hole: “Who is pi-hole.net?”
2. Your Pi-hole will check its cache and reply if the answer is already known.
3. Your Pi-hole will check the blocking lists and reply if the domain is blocked.
4. Since neither 2. nor 3. is true in our example, the Pi-hole forwards the request to the
configured external upstream DNS server(s).
5. Upon receiving the answer, your Pi-hole will reply to your client and tell it the answer of its
request.
6. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if any of your
clients queries the same domain again.

2.4 The Concern with Upstream Servers:

The concern with the existing method lies in step 4. In today’s world, these upstream servers are
known as Google, OpenDNS, and Cloudflare, amongst others. They advertise themselves as
free private DNS servers, but how do you know for certain they are keeping their promise that
your information is truly private?

Furthermore, from the point of view of an attacker, the DNS servers of larger providers are very
worthwhile targets, as they only need to poison one DNS server, but millions of users might be
affected. For example, instead of your bank’s actual IP address, you could be sent to a phishing
site hosted on some island. This scenario has already happened and it isn’t unlikely to happen
again…

So What Is the Difference Between a Recursive DNS Server and an Authoritative DNS Server?

The first distinction we have to be aware of is whether a DNS server is authoritative or not. If
I’m the authoritative server for, e.g., pi-hole.net, then I know which IP is the correct answer for a
query. Recursive name servers, in contrast, resolve any query they receive by consulting the
servers authoritative for this query by traversing the domain. Example: We want to resolve
pi-hole.net. On behalf of the client, the recursive DNS server will traverse the path of the domain
across the Internet to deliver the answer to the question.

What Is the Solution?

Operating your own local, recursive DNS server. Think of it as running your own Google or
Cloudflare DNS service. It can run on the same device you are already using Pi-hole for and
there are no additional hardware requirements.

This changes the six-step procedure mentioned previously to this 12-step process:

How Pi-hole Works With FTLDNS and Unbound


Figure: Pi-hole flow of traffic with Unbound

1. Your client asks the Pi-hole: “Who is pi-hole.net?”
2. Your Pi-hole will check its cache and reply if the answer is already known.
3. Your Pi-hole will check the blocking lists and reply if the domain is blocked.
4. Since neither 2. nor 3. is true in our example, the Pi-hole delegates the request to the (local)
recursive DNS resolver.
5. Your recursive server will send a query to the DNS root servers: “Who is handling .net?”
6. The root server answers with a referral to the TLD servers for .net.
7. Your recursive server will send a query to one of the TLD DNS servers for .net: “Who is
handling pi-hole.net?”
8. The TLD server answers with a referral to the authoritative name servers for pi-hole.net.
9. Your recursive server will send a query to the authoritative name servers: “What is the IP of
pi-hole.net?”
10. The authoritative server will answer with the IP address of the domain pi-hole.net.
11. Your recursive server will send the reply to your Pi-hole which will, in turn, reply to your client
and tell it the answer of its request.
12. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if any of your
clients queries the same domain again.

Step 4 is where the major change happens.  The steps that follow are what the upstream
servers would normally handle (along with any data tracking they may or may not be doing).
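
The two query flows listed above (the six-step forwarding flow and the 12-step flow with a local recursive resolver) can be modelled in a few lines of Python. This is an added example, not code from this thesis or from Pi-hole; the delegation tables, blocklist entries, the address 192.0.2.10 and the names PiholeModel and recurse are constructed for illustration.

```python
import re

# Constructed delegation data standing in for the real DNS hierarchy (assumption).
ROOT = {"net.": "tld-net"}                              # root: who handles .net?
TLD = {"tld-net": {"pi-hole.net.": "auth-pihole"}}      # TLD: who handles pi-hole.net?
AUTH = {"auth-pihole": {"pi-hole.net.": "192.0.2.10"}}  # documentation-range IP

BLOCK_EXACT = {"ads.example.net."}                      # constructed blocklist entry
BLOCK_REGEX = [re.compile(r"^track[0-9]*\.")]           # constructed regex (RE) entry


def recurse(qname, trace):
    """Steps 5-10: follow referrals root -> TLD -> authoritative server."""
    labels = qname.rstrip(".").split(".")
    tld, zone = labels[-1] + ".", ".".join(labels[-2:]) + "."
    trace.append(f"root: who is handling {tld}")
    tld_server = ROOT.get(tld)
    if tld_server is None:
        return None
    trace.append(f"{tld_server}: who is handling {zone}")
    auth_server = TLD[tld_server].get(zone)
    if auth_server is None:
        return None
    trace.append(f"{auth_server}: what is the IP of {qname}")
    return AUTH[auth_server].get(qname)


class PiholeModel:
    """Cache, then blocklist, then delegation to the local recursive resolver."""

    def __init__(self):
        self.cache = {}

    def query(self, qname):
        """Return (status, answer, trace) for one client query."""
        trace = []
        if qname in self.cache:                          # step 2: cache hit
            return "cached", self.cache[qname], trace
        if qname in BLOCK_EXACT or any(r.search(qname) for r in BLOCK_REGEX):
            return "blocked", None, trace                # step 3: never leaves the Pi-hole
        answer = recurse(qname, trace)                   # steps 4-10
        if answer is None:
            return "nxdomain", None, trace
        self.cache[qname] = answer                       # step 12: remember the answer
        return "resolved", answer, trace                 # step 11: reply to the client
```

The trace list stays empty for cached and blocked names, which is the privacy point of the section: only queries that pass both checks are ever sent outside the local network.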

2.5 NXDOMAIN And Null Blocking With FTLDNS

Pi-hole has traditionally returned a blank HTML page in place of advertisements.  An alternative
method is to return NXDOMAIN—no such domain.  This is a behavior you asked us to
implement and we have listened.

To use it, you’ll need to be running the FTLDNS beta (pihole -up if you’re already on it):

echo "FTLDNS" | sudo tee /etc/pihole/ftlbranch
pihole checkout core FTLDNS
pihole checkout web FTLDNS

You can also check out the development branches, but if you want the most up-to-date code, use
the FTLDNS branches.

Once you’ve checked out the new branches, you need to add this to /etc/pihole/pihole-FTL.conf
(note you may need to create this file if it does not exist):

BLOCKINGMODE=NXDOMAIN

or

BLOCKINGMODE=NULL

depending on which method you prefer, and then restart FTLDNS (pihole-FTL) to apply the
change:

sudo service pihole-FTL restart

2.5.1 WHAT IS NXDOMAIN?


This is a mechanism built into DNS that can be returned as an answer when the domain doesn’t
exist.  You can see this response by using nslookup on a domain that is not likely to be
registered:

me@pihole:~$ nslookup skfmndfosfmmpofpwmf.com
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find skfmndfosfmmpofpwmf.com: NXDOMAIN
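
As an added example (not part of this thesis or of Pi-hole's code), the Python below parses raw DNS replies and tells an NXDOMAIN answer apart from a NULL-blocked one, which is useful when checking from a client which blocking mode is in effect. It assumes that NULL mode answers with the unspecified address (0.0.0.0 or ::), which is Pi-hole's documented behaviour and is not stated on this page; the packets are constructed sample input built by the hypothetical helper build_response.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"

def build_response(name, rcode, a_record=None):
    """Build a constructed reply to an A query (sample input, not a capture)."""
    flags = 0x8180 | rcode                      # QR, RD, RA set; RCODE in low 4 bits
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if a_record else 0, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    if a_record:
        # Owner name as a compression pointer to offset 12, then A/IN, TTL 2, RDLENGTH 4
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 2, 4)
        msg += bytes(int(octet) for octet in a_record.split("."))
    return msg

def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def classify(msg):
    """Classify a DNS reply as NXDOMAIN, NULL-blocked, answered or NODATA."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == 3:                              # RCODE 3 = Name Error (NXDOMAIN)
        return "NXDOMAIN"
    if rcode != 0:
        return f"RCODE-{rcode}"
    off = 12
    for _ in range(qdcount):                    # skip the question section
        off = skip_name(msg, off) + 4
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        # Unspecified address in an A (1) or AAAA (28) record marks NULL blocking
        if (rtype, rdata) in ((1, bytes(4)), (28, bytes(16))):
            return "NULL-blocked"
    return "answered" if ancount else "NODATA"
```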
