DNS Amplification DDoS Attack
WHAT İS DNS ?
The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain namesassigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality on the Internet, that has been in use since 1985
(Wikipedia)
When I want to go to berkdusunur.net with Browser, the browser first asks me if i can translate berkdusunur.net address to me
The system looks in the / etc / hosts directory. If there is an ip address on the berkdusunur.net domain it will use it.
The root servers in Turkey are called ODTU. From there it is directed to the domain name.
DNS INQUIRIES
By leaving the DNS recursion query on, you allow an attacker to use your DNS on your behalf.
DNS Amplification attacks, a professional attack technique, attack by sending packets to you via a DNS server that is in your domain
(If 1 DNS packet is 50 bytes, this packet will be returned in response to 10x ie 500 bytes).
Thus, the attacker will not only use your bandwidth, but at the same time will also provide his / her own privacy, creating the perception that the attacker is like you.
How do we know if our DNS server is open for the recursion query?
You can learn in two shapes
1. If you want to check the settings of your DNS server
2. From the outside DNS server will do DNS Recursion query.
NMAP RECURSIVE INQUIRY
Using a script located in Nmap it helps to detect the weakness of the dns server 1 to get 10
Let's first scan the DNS server list that we found using this script of NMAP.
Command
nmap -sU -p 53 --script=dns-recursion -iL
/home/ceh/Masaüstü/recursive-amp4.txt
TSUNAMI - DNS AMPLIFICATION ATTACK
Tsunami is making DNS requests to the servers in the DNS list that I specify.In the answer, the changed source leads to ip address as well as to the victim
I have displayed help parameters
After downloading the tool and installing the necessary packages
Attacks
./tsunami -s 192.168.1.80 -p 100 -f recursive_dns.txt
-s = destination address
-p = request to be made by each DNS server (default 1)
-f = command to open the server list
After launching the attack, we listen to the packages coming through the wireshark in the virtual system that we attacked
give me one take ten :)
www.berkdusunur.net
berkdusunurx@gmail.com
0 yorum :
Yorum Gönder