DNS Amplification Attack
A Domain Name System (DNS) amplification attack is a popular form of distributed denial of service (DDoS) that relies on publicly accessible open DNS servers to overwhelm a victim system with DNS response traffic. It is a type of reflection attack that manipulates publicly accessible DNS servers, making them flood a target with large quantities of UDP packets. Using various amplification techniques, perpetrators can "inflate" the size of these UDP packets, making the attack potent enough to bring down even the most robust Internet infrastructure.
There are two criteria for a good amplification attack vector: 1) the query can be sent with a spoofed source address (e.g., over a protocol such as ICMP or UDP that does not require a handshake); and 2) the response to the query is significantly larger than the query itself. DNS is a core, ubiquitous Internet platform that meets both criteria and has therefore become the largest source of amplification attacks.
The attacker sends a DNS look-up request, using the spoofed IP address of the target as the source, to vulnerable DNS servers. Most commonly these are open recursive DNS servers. The original request is often relayed through a botnet for a larger attack base and further concealment. The DNS request is sent using the EDNS0 extension to the DNS protocol, which allows for large DNS messages. It may also use the DNS Security Extensions (DNSSEC) cryptographic feature to add to the size of the message.
These amplification techniques can inflate a response from roughly the 40 bytes of the query to above the maximum Ethernet packet size of 4000 bytes. Such responses must be fragmented for transmission and reassembled at the target, consuming further target network resources. A botnet's many amplified requests enable an attacker to direct a large attack with little outgoing bandwidth. The attack is hard to protect against because it arrives from valid-looking servers as valid-looking traffic; it is very hard to tell whether it is an attack or a legitimate response.
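A defender-side check for the traffic pattern described above, as an added example that is not part of the original article: it scans UDP flow records for large DNS replies that a host never asked for, arriving from several distinct resolvers. The flow records are constructed and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed UDP flow records (not from the article), one per line:
#   <seconds> <src_ip> <src_port> <dst_ip> <dst_port> <udp_payload_bytes>
# Four open resolvers (10.0.0.5-8) send large replies to 203.0.113.7, which never
# queried them; 192.168.1.2 sends a real query to 10.0.0.5 and gets a large reply.
SAMPLE_FLOWS = """\
0 10.0.0.5 53 203.0.113.7 40123 3200
0 10.0.0.6 53 203.0.113.7 40124 3100
1 10.0.0.7 53 203.0.113.7 40125 3900
1 10.0.0.8 53 203.0.113.7 40126 2800
2 192.168.1.2 51000 10.0.0.5 53 45
2 10.0.0.5 53 192.168.1.2 51000 1400
"""

def parse_flows(text):
    """Parse the whitespace-separated record format above into tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, sport, dst, dport, size = line.split()
        flows.append((int(ts), src, int(sport), dst, int(dport), int(size)))
    return flows

def find_amplification_victims(flows, min_bytes=512, min_resolvers=3, window=5):
    """Return {victim_ip: stats} for hosts receiving large DNS replies they never sent a query for.

    A reply is 'solicited' if the destination sent a query from the same port to that
    resolver within `window` seconds beforehand. Unsolicited replies of at least
    `min_bytes` from at least `min_resolvers` distinct resolvers form the reflected
    traffic signature described in the article. Thresholds are assumed values.
    """
    # Outbound queries indexed by (client, client_port, resolver) -> timestamps
    queries = defaultdict(list)
    for ts, src, sport, dst, dport, _size in flows:
        if dport == 53:
            queries[(src, sport, dst)].append(ts)
    suspects = defaultdict(lambda: {"resolvers": set(), "bytes": 0, "responses": 0})
    for ts, src, sport, dst, dport, size in flows:
        if sport != 53 or size < min_bytes:
            continue  # only large DNS replies carry the amplified payload
        if any(ts - window <= q <= ts for q in queries.get((dst, dport, src), [])):
            continue  # the destination really asked this resolver; not reflected
        stats = suspects[dst]
        stats["resolvers"].add(src)
        stats["bytes"] += size
        stats["responses"] += 1
    return {ip: s for ip, s in suspects.items() if len(s["resolvers"]) >= min_resolvers}

if __name__ == "__main__":
    for victim, s in find_amplification_victims(parse_flows(SAMPLE_FLOWS)).items():
        # Rough amplification estimate against the ~40-byte query size quoted above
        print(f"{victim}: {s['responses']} unsolicited replies, {s['bytes']} bytes from "
              f"{len(s['resolvers'])} resolvers (~{s['bytes'] // (s['responses'] * 40)}x)")
```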
A simple example of a DNS amplification attack
For this we need a DNS attack script. Download the dnsdrdos.c script from GitHub.
Copy the script and save it; here I keep the same file name. When saving the script, remove everything from the file that is not part of the script, because compiling a file that contains text other than the source will cause many errors.
Compile the script:
gcc dnsdrdos.c -o dnsdrdos.o -Wall -ansi
This compiles the C file into an executable.
Create a list of DNS servers in a file.
For this, go to any free DNS server list and copy the addresses one by one (only one IP address per line).
To launch the attack, type in the terminal:
./dnsdrdos.o -f Dnsfilelist.txt -s -l
Here -f selects the file we created with the DNS server IPs.
-s is the source IP, that is, the targeted IP.
-l is the loop count, the number of times the request is sent.
This floods the targeted IP with large amounts of DNS reply traffic, slowing its Internet connection depending on the capacity of the link. Nowadays every router has a built-in QoS facility; enabling it can control such attacks to some extent.