Network Wide AD Blocker and IDS/IPS: Project Thesis
Using Raspberry PI
Project Thesis
Chapter No: 1, 2
Submitted by
Muhammad Tahir
Registration Number: 2019-U-3611
Roll No: 60 (Morning)
Abdul Wahab
Registration Number: 2019-U-3584
Roll No:30 (Morning)
Supervisor
TABLE OF CONTENTS
CHAPTER NO: 1
INTRODUCTION
1.1 History
1.2 Features
1.3 Objectives
1.4 Introduction to Surkhab Centre:
1.5 Pi-hole:
1.6 Aim Of Project:
1.7 Admin role:
1.8 Scope of the project:
1.9 Tools used in projects:
CHAPTER NO: 2
EXISTING SYSTEM & PROPOSED SYSTEM
CHAPTER 1
INTRODUCTION
1.1 History
The Pi-hole project was created by Jacob Salmela as an open-source alternative to the AdTrap in
2014 and was hosted on GitHub. Since then, several contributors have joined the project.
1.2 Features
Using VPN services, Pi-hole can block domains without a DNS filter being set up in a router.
Any device that supports VPN can use Pi-hole on a cellular network or a home network without
a DNS server configured.
The nature of Pi-hole also allows it to block website domains in general by manually blacklisting
the domain name. Likewise, domains can be whitelisted manually should a website's function be
impaired by domains being blocked. Pi-hole can also function as a network monitoring tool,
which can aid in troubleshooting DNS requests and network faults.
1.3 Objectives
Pi-hole functions similarly to a network firewall, meaning that advertisements and tracking
domains are blocked for all devices behind it, whereas traditional advertisement blockers only
run in a user's browser, and remove advertisements only on the same machine.
Surkhab Centre has a small network: a group of nodes that use the internet frequently, so the
security of these systems is very important. Buying large firewall software and hardware cannot
be justified for so few systems. We chose a Raspberry Pi 4 as the microprocessor to act as a
firewall that will block malicious pic links throughout the whole network.
1.4 Introduction to Surkhab Centre:
Working for more than 3 decades, Surkhab holds a place in the bridal industry and is trusted by
many to make their special day perfect.
Our journey starts with creating illustrations, putting all those ideas onto paper and turning
imagination into reality.
1.5 Pi-hole:
The Raspberry Pi runs software known as Pi-hole and PADD to block ads and display statistical
data such as the Pi-hole's IP address and the number of ads blocked.
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without
installing any client-side software.
- Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes
- Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
- Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
- Lightweight: runs smoothly with minimal hardware and software requirements
- Robust: a command-line interface that is quality assured for interoperability
- Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
- Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically
- Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware
- Modern: blocks ads over both IPv4 and IPv6
- Free: open-source software which helps ensure you are the sole person in control of your privacy
CHAPTER 2
EXISTING SYSTEM & PROPOSED SYSTEM
The existing system is a very simple network design without a separate modem or any firewall,
just a multi-purpose router. Some of the key points are discussed below.
- no security hardware or software is in use
- the router's built-in firewall is not fast, automatic or robust
- the built-in firewall is time-consuming for the admin and gives no statistical report for analysing data
- no open Wi-Fi for users because of fair security
- no backup of firewall rules and policy
- slow response
- in a critical condition it is hard to set everything up
- too many ads on the network, which slow down the internet
PROPOSED SYSTEM
After a detailed study of the current system, we decided that we cannot spend too much money on
a hardware firewall or on setting up a new network. The Raspberry Pi, a card-sized ARM mini
microprocessor board, is an open-source board that can be used for any type of coding or
situation, so we picked this board to build a fast, accurate, timely, secure and economical mini
firewall that preserves integrity.
Before designing any computerized system, it is necessary to establish the objectives that the
proposed system has to satisfy. The proposed system must have the following
features:
2.2 FEATURES
2.2.1 Primary:
Because Pi-hole blocks domains at the network level, it is able to block advertisements, such
as banner advertisements on a webpage, but it can also block advertisements in unconventional
locations, such as on Android, iOS and smart TVs.
Using VPN services, Pi-hole can block domains without a DNS filter being set up in a router.
Any device that supports VPN can use Pi-hole on a cellular network or a home network without
a DNS server configured.
The nature of Pi-hole also allows it to block website domains in general by manually blacklisting
the domain name. Likewise, domains can be whitelisted manually should a website's function be
impaired by domains being blocked. Pi-hole can also function as a network monitoring
tool, which can aid in troubleshooting DNS requests and network faults.
For better user interaction, whether by an admin or an executive, the interaction screen is well
designed. It makes interaction and operation easy for the admin, as well as the management of the
different services. The user-friendly interface thus attracts the admin's attention.
FTLDNS and Unbound Combined for Your Own All-Around DNS Solution
Pi-hole acts as a forwarding DNS server, which means if it doesn’t know where a domain is, it
has to forward your query to another server that does. When you install Pi-hole, it knows where
the ad-serving domains are (because you tell it), so it doesn’t forward those requests. But
it doesn’t know where legitimate sites are. Thus these requests are forwarded to an
upstream, recursive server.
These servers also don’t know where the real website exists unless they have been asked to find
it before. The only DNS server that truly knows where a domain is is an authoritative DNS
server. For now, we don’t need to know what an authoritative DNS server is, just that it’s the
single source of truth for a domain’s real IP address.
So when you have a Pi-hole in use on your network, the flow of traffic goes like this:
The concern with the existing method lies in step 4. In today’s world, these upstream servers are
known as Google, OpenDNS, and Cloudflare, amongst others. They advertise themselves as
free private DNS servers, but how do you know for certain they are keeping their promise that
your information is truly private?
Furthermore, from the point of view of an attacker, the DNS servers of larger providers are very
worthwhile targets, as they only need to poison one DNS server, but millions of users might be
affected. For example, instead of your bank’s actual IP address, you could be sent to a phishing
site hosted on some island. This scenario has already happened and it isn’t unlikely to happen
again…
So What Is the Difference Between A Recursive DNS Server and An Authoritative DNS
server?
The first distinction we have to be aware of is whether a DNS server is authoritative or not. If
I’m the authoritative server for, e.g., pi-hole.net, then I know which IP is the correct answer for a
query. Recursive name servers, in contrast, resolve any query they receive by consulting the
servers authoritative for this query by traversing the domain. Example: We want to resolve
pi-hole.net. On behalf of the client, the recursive DNS server will traverse the path of the domain
across the Internet to deliver the answer to the question.
The approach used here is to operate your own local, recursive DNS server. Think of it as running
your own Google or Cloudflare DNS service. It can run on the same device you are already using
Pi-hole for and there are no additional hardware requirements.
This changes the six-step procedure mentioned previously to this 12-step process:
12. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if any of your
clients queries the same domain again.
Step 4 is where the major change happens. The steps that follow are what the upstream
servers would normally handle (along with any data tracking they may or may not be doing).
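The difference between the forwarding and the recursive setup described above, as an added Python example that is not part of the thesis or of the Pi-hole project: a toy resolver checks the blocklist and the cache, then either hands the query to one upstream or walks the root, TLD and authoritative servers itself. The delegation table, the server names and the addresses are constructed for illustration.

```python
# Constructed delegation tree; the address is from the documentation range 192.0.2.0/24.
ZONES = {
    "root":             {"refer": {"net": "net-tld"}},
    "net-tld":          {"refer": {"pi-hole.net": "pi-hole.net-auth"}},
    "pi-hole.net-auth": {"answer": {"pi-hole.net": "192.0.2.10"}},
}
BLOCKLIST = {"ads.example.net"}        # constructed sample entry


class Resolver:
    """Toy Pi-hole front end: blocklist, cache, then forward or recurse."""

    def __init__(self, mode):
        self.mode = mode               # "forward" or "recursive"
        self.cache = {}
        self.contacted = []            # every outside server that saw a query

    def _recurse(self, name):
        server = "root"
        for _ in range(8):             # bound the number of referrals followed
            self.contacted.append(server)
            zone = ZONES[server]
            if name in zone.get("answer", {}):
                return zone["answer"][name]
            labels = name.split(".")
            suffixes = (".".join(labels[i:]) for i in range(len(labels)))
            server = next((zone["refer"][s] for s in suffixes
                           if s in zone.get("refer", {})), None)
            if server is None:
                return None            # no delegation: the name does not exist
        return None

    def _forward(self, name):
        self.contacted.append("upstream")      # one third party sees every query
        # The upstream performs the same walk, but out of our sight.
        return Resolver("recursive")._recurse(name)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in BLOCKLIST:
            return "blocked", None             # never leaves the Pi-hole
        if name in self.cache:
            return "cache", self.cache[name]   # answered locally on repeat queries
        lookup = self._recurse if self.mode == "recursive" else self._forward
        ip = lookup(name)
        if ip:
            self.cache[name] = ip
        return self.mode, ip
```

Comparing `contacted` for the two modes shows who learns about a lookup: a single upstream provider in forwarding mode, or the chain of root, TLD and authoritative servers in recursive mode.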
Pi-hole has traditionally returned a blank HTML page in place of advertisements. An alternative
method is to return NXDOMAIN—no such domain. This is a behavior you asked us to
implement and we have listened.
To use it, you’ll need to be running the FTLDNS beta (pihole -up if you’re already on it):
You can also check out the development branches, but if you want the most up-to-date code, use
the FTLDNS branches.
Once you’ve checked out the new branches, you need to add this to /etc/pihole/pihole-FTL.conf
(note you may need to create this file if it does not exist):
BLOCKINGMODE=NXDOMAIN
or
BLOCKINGMODE=NULL
depending on which method you prefer, and then restart FTLDNS (pihole-FTL) to apply the
change.
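The two BLOCKINGMODE values differ in the DNS reply a client receives for a blocked name: NXDOMAIN sets response code 3 and carries no answer, while NULL answers with the unspecified address (0.0.0.0 for A, :: for AAAA). The following added Python example (not Pi-hole's own code) builds both replies in DNS wire format and decodes them as a client would; the blocklist entry, the TTL and all function names are constructed for illustration.

```python
import ipaddress
import struct

BLOCKLIST = {"ads.example.com"}   # constructed sample entry
TTL = 2                           # constructed short TTL for blocked answers

def build_query(name, qtype=1, qid=0x1234):
    """Minimal RFC 1035 query: header (RD set, one question) + QNAME/QTYPE/QCLASS."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_question(msg):
    """Return (lowercased name, qtype, offset just past the question section)."""
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return ".".join(labels).lower(), qtype, pos + 5

def sinkhole_reply(query, mode):
    """Reply for a blocked name, or None when the name is not on the blocklist."""
    name, qtype, end = parse_question(query)
    if name not in BLOCKLIST:
        return None
    if qtype not in (1, 28):
        raise NotImplementedError("this example only models A and AAAA questions")
    qid = struct.unpack("!H", query[:2])[0]
    if mode == "NXDOMAIN":
        flags, answer = 0x8183, b""             # QR|RD|RA, RCODE 3 (name error)
    elif mode == "NULL":
        rdata = bytes(4 if qtype == 1 else 16)  # 0.0.0.0 or ::
        flags = 0x8180                          # QR|RD|RA, RCODE 0 (no error)
        # 0xC00C is a compression pointer back to the question name at offset 12
        answer = struct.pack("!3HIH", 0xC00C, qtype, 1, TTL, len(rdata)) + rdata
    else:
        raise ValueError("unknown blocking mode: " + mode)
    header = struct.pack("!6H", qid, flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def summarize(reply):
    """Decode what a client sees: (rcode, answer count, address or None)."""
    _, flags, _, ancount, _, _ = struct.unpack("!6H", reply[:12])
    if not ancount:
        return flags & 0xF, 0, None
    _, _, end = parse_question(reply)
    rdlen = struct.unpack("!H", reply[end + 10:end + 12])[0]
    return flags & 0xF, ancount, str(ipaddress.ip_address(reply[end + 12:end + 12 + rdlen]))
```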
NXDOMAIN is a response built into DNS that is returned as an answer when the domain doesn’t
exist. You can see this response by using nslookup on a domain that is not likely to be
registered: