Simple DNS Reflection & Amplification Attack

[Figure: DNS_attack_diagram]

Concepts

  • An attacker abuses open DNS resolvers to overwhelm a target server or network with an amplified volume of traffic.
  • The attack combines two techniques:
    • Reflection: The attacker forges the packet's source fields (e.g. source IP, port) with the victim's information, so the resolver sends its response to the victim.
    • Amplification: The attacker uses a special DNS query that generates a large response.

Implementation

  • Create raw sockets.
    • Requires root privilege.
  • Generate IP-level packets with spoofed information.
    • IP header → source IP
    • UDP header → source port
  • Choose a DNS query that amplifies well.
    • query type: ANY
    • additional record: EDNS0, which extends the maximum size of the UDP packet
    • requested domain names: isc.org, ieee.org, ietf.org
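
The query traits listed above (type ANY plus an EDNS0 record that raises the UDP size) are also what a resolver operator can match on to rate-limit or refuse such requests. The C function below is an added example, not part of dns_attack; the name `amplification_prone` and both sample packets are constructed for illustration, and it assumes a single-question query with uncompressed names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QTYPE_ANY 255   /* RFC 1035 QTYPE "*" */
#define TYPE_OPT  41    /* RFC 6891 EDNS0 pseudo-record */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 if the query is ANY and advertises an EDNS0 UDP size above 512,
 * 0 for an ordinary query, -1 if it cannot be parsed safely. */
int amplification_prone(const uint8_t *m, size_t n, uint16_t *qtype, uint16_t *udp_size)
{
    size_t off = 12;                          /* fixed DNS header length */
    *qtype = 0;
    *udp_size = 512;                          /* classic limit without EDNS0 */
    if (n < 12 || (m[2] & 0x80)) return -1;   /* too short, or a response (QR=1) */
    if (rd16(m + 4) != 1 || rd16(m + 6) || rd16(m + 8)) return -1; /* one question, no answers */
    while (off < n && m[off] != 0) {          /* walk the QNAME labels */
        if (m[off] > 63) return -1;           /* compression/reserved: not handled (assumption) */
        off += (size_t)m[off] + 1;
    }
    if (off >= n || n - off < 5) return -1;   /* root byte + QTYPE + QCLASS */
    *qtype = rd16(m + off + 1);
    off += 5;
    for (uint16_t i = rd16(m + 10); i > 0; i--) {      /* additional section */
        if (n - off < 11 || m[off] != 0) return -1;    /* only root-named records handled */
        uint16_t type = rd16(m + off + 1), rdlen = rd16(m + off + 9);
        if (type == TYPE_OPT) *udp_size = rd16(m + off + 3); /* OPT CLASS = UDP size */
        if (n - off - 11 < rdlen) return -1;
        off += 11 + (size_t)rdlen;
    }
    return *qtype == QTYPE_ANY && *udp_size > 512;
}

/* Constructed sample: ANY query for example.test, OPT advertising 4096 bytes. */
static const uint8_t SAMPLE_ANY[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,1,
    7,'e','x','a','m','p','l','e', 4,'t','e','s','t', 0, 0x00,0xff, 0x00,0x01,
    0x00, 0x00,0x29, 0x10,0x00, 0,0,0,0, 0,0 };
/* Constructed sample: plain A query for example.test, no EDNS0. */
static const uint8_t SAMPLE_A[] = {
    0x12,0x35, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e', 4,'t','e','s','t', 0, 0x00,0x01, 0x00,0x01 };

int main(void) {
    uint16_t qt, sz;
    printf("ANY+EDNS0: %d\n", amplification_prone(SAMPLE_ANY, sizeof SAMPLE_ANY, &qt, &sz));
    printf("plain A:   %d\n", amplification_prone(SAMPLE_A, sizeof SAMPLE_A, &qt, &sz));
    return 0;
}
```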

Usage

Build dns_attack.

make

This will generate 3 DNS queries to the DNS server and reflect the responses to the victim IP.

./dns_attack <Victim IP> <UDP Source Port> <DNS Server IP>