Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: recursive DNS servers DDoS as a growing DDoS problem

from [v9] Network Security [Permanent Link]
Subject: Re: recursive DNS servers DDoS as a growing DDoS problem
Date: Wed, 1 Mar 2006 19:34:09 -0500 (EST) 
Here are some dns servers I gathered/scanned during the time I researched
this months ago(that appear to still be up):

68.1.199.151
68.1.196.116
68.1.195.161
68.1.193.177

Just remember when you test/capture packets that the domain being
resolved must NOT exist(ie. "x").

On Thu, 2 Mar 2006, Gadi Evron wrote:


v9@fakehalo.us wrote:

While you're on the subject of the potentials of DOSing using DNS servers, 
I noticed several months ago some possible abuses myself, although I soon 
lost interest for some reason or another.

I noticed that a portion of the worlds DNS servers for some reason or 
another send back large amounts of duplicate replies if, and only if, the 
domain being resolved does not exist.

The amount of duplicates seems to range between 2 and 24(in steps of 2, 4, 
8, 12, 16, 20 and 24), where each reply packet is roughly 2.5x(including IP 
header) larger than the original request(because of the SOA).  So, for 
example one request to a DNS server that sends 24 dups back would roughly 
equal 60x(24*2.5) amplification of data.


This is very interesting. I don't have any idea why that is happeniong
(yet). Can you share packet captures?
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [OSX]: /usr/bin/passwd local root exploit., v9
Next by Date:  [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS, addmimistrator
Previous by Thread:  Re: recursive DNS servers DDoS as a growing DDoS problem, v9
Next by Thread:  Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]