DNS Amplification Attack



A Domain Name Server (DNS) amplification attack is a popular form of distributed denial of service (DDoS) that relies on the use of publically accessible open DNS servers to overwhelm a victim system with DNS response traffic. It is a type of reflection attack which manipulates publically-accessible domain name systems, making them flood a target with large quantities of UDP packets. Using various amplification techniques, perpetrators can “inflate” the size of these UDP packets, making the attack so potent as to bring down even the most robust Internet infrastructure.


          There are two criteria for a good amplification attack vector: 1) query can be set with a spoofed source address (e.g., via a protocol like ICMP or UDP that does not require a handshake); and 2) the response to the query is significantly larger than the query itself. DNS is a core, ubiquitous Internet platform that meets these criteria and therefore has become the largest source of amplification attacks
The attacker sends a DNS look-up request using the spoofed IP address of the target to vulnerable DNS servers. Most commonly, these are DNS servers that support open recursive relay. The original request is often relayed through a botnet for a larger base of attack and further concealment. The DNS request is sent using the EDNS0 extension to the DNS protocol allowing for large DNS messages.  It may also use the DNS security extension (DNSSEC) cryptographic feature to add to the size of the message. 


         These amplifications can increase the size of the requests from around 40 bytes to above the maximum Ethernet packet size of 4000 bytes. This requires they be broken down for transmission and then reassembled, requiring further target network resources.  A botnet's many amplified requests enable an attacker to direct a large attack with little outgoing bandwidth use. The attack is hard to protect against as it comes from valid-looking servers with valid-looking traffic. It is very hard to identify if it’s an attack or a legitimate request


A simple example for DNS Amplification attack
For doing this we need a DNS attack Script. Download dnsdrdos.c script from github.




copy the script save it in   here i go on with the same name.When saving the script remove all the things that is not the script from the file because when compiling the file with writings other than script will cause lot of errors.


compile the script


gcc  dndrdos.c  -o dndrdos.o  -Wall -ansi  


This will compile and convert the c file into executable mode file


create a list of dns servers  in a file
 for this go to any free dns server lists and copy the address one by one ,(only one ip should be present in one line)


for attacking type in terminal


./dnsdrdos.o  -f  Dnsfilelist.txt  -s   -l 


Here   f  is for selecting the file that we created for DNS server ips
          s  is source ip that is the targeted ip
          l  is the loop that is the no of times we need the request to go


This will flood the targeted ip with lots of dns requests and thereby slowing down the internet  depending upon the  threshold of the connection.Now a days every router have a QoS facility inbuilt by enabling these facility we can control these attack to some extend


Comments

  1. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    http://chennaitraining.in/building-estimation-and-costing-training-in-chennai/
    http://chennaitraining.in/embedded-systems-training-in-chennai/
    http://chennaitraining.in/vlsi-training-in-chennai/
    http://chennaitraining.in/matlab-training-in-chennai/
    http://chennaitraining.in/iot-training-in-chennai/

    ReplyDelete
  2. Hi All!

    I'm selling fresh & genuine SSN Leads, with good connectivity. All data are tested & verified.
    Headers in Leads:

    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | House Owner

    *You can ask for sample before any deal
    *Each SSN lead will be cost $1
    *Premium Lead will be cost $5
    *If anyone wants in bulk I will negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
    -->$5 PER EACH

    Hope for the long term deal
    For detailed information you can make contact on:

    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete

Post a comment

Popular posts from this blog

How to Repair Kali Linux grub after installing Windows in Dual boot System

HYDRA - The Password Bruteforce tool

SPARTA - Network scanning and Penetration Testing Tool

OpenVAS Scanner - The Network Vulnerability scanner

Nikto - The powerful WEBSERVER Scanner

SQL Injection

Avet – Open Source Anti-Virus Evasion Tool

PDFCrack - Password Cracking Tool for PDF-files

DENIAL OF SERVICE (DoS)