Skip to content

Cyber-attack that uses DNS Recursive Server in order to perform a Reflection Attack.

Notifications You must be signed in to change notification settings

pierpaolosestito-dev/DNSAmplification

Repository files navigation

DNSAmplification

Network Diagram

This Proof-of-Concept[PoC] tool exploit DNS resolvers to perform an huge amplification attack against a specific Victim (specifying its IP). It hides the basic idea behind the attack.

DNS Amplifications Attacks are performed by an attacker to increase the bandiwidth amount in order to sends a targeted potential victim. The traditional amplification attack is known as a SMURF attack: SMURF Attack: An attacker spoofs a neighbour's IP address (of the potential victim). He sends an ICMP request to the network's broadcast address (X.X.X.255). This is configured to relay ICMP to all devices that stays behind the router. ICMP doesn't include a handshake, the destination devvice has no way to check if the source IP is legitimate.

1)The router will passes it on all the devices that sit behind it. 2)All those devices then respond back to the ping.

DNSAmplification in particular:

	UDP doesn't require a handshake == source attribute can be spoofed.
	The idea is to have the response to the query significantly biffer than the original query itself.

	We need a DNS Open-resolver configured to resolve recursive queries, no an Authorative Server.

There are Linux built-ins command that helps to discover if a particular DNS server is an open resolver:

dig [email protected] where's x.x.x.x is the DNS ip.

A DNS Open-resolved configured as we desire will return a response with status: NOERROR Instead, an Authorative DNS will return a response with status: REFUSED

This PoC uses Shodan APIs in order to identifies open resolvers across the internet, saves IP address into a json that will be convert in a txt file and using Scapy in order to make a DNS query with neighbour's IP spoofed and redirect the replies-storm to him.

PRE-REQUISITES:

  • Scapy - libary for packet manipulation.
  • Shodan library installed.
  • pip install shodan or easy_install shodan
    
  • Shodan API-Key for Developer. Sign up in Shodan
  • Scapy - libary for packet manipulation.
  • 	pip install --pre scapy
    

About

Cyber-attack that uses DNS Recursive Server in order to perform a Reflection Attack.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages