Jump to content
Nabukadnezar

DDOS-ul prin NS-e ia amploare

By Nabukadnezar, in Stiri securitate

Recommended Posts

Nabukadnezar Newbie

Nabukadnezar

Posted
Posted

The Register raporteaz?:

http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/

Pe scurt, din ce în ce mai mul?i hackeri floodeaza target-uri cu ajutorul NS-elor. Scenariu: kw3rln vrea s? timeouteze (:D) asdf.com; el are o list? de mii de nameservere ?i trimite la fiecare request-uri "get root servers" (nush denumirea tehnic?), spoofând îns? IP-ul pachetelor UDP, astfel încât nameserverele s? r?spund? c?tre asdf.com

Pachetul primit de target de la nameserver con?ine:

C:\Users\Dark Zagatu>nslookup

DNS request timed out.

timeout was 2 seconds.

Default Server: UnKnown

Address: 192.168.0.1:53

> server ns.infogate.ro

Default Server: ns.infogate.ro

Address: 80.96.198.2

> set type =ns

Unrecognized command: set type =ns

> set type=ns

> .

Server: ns.infogate.ro

Address: 80.96.198.2

Non-authoritative answer:

(root) nameserver = I.ROOT-SERVERS.NET

(root) nameserver = J.ROOT-SERVERS.NET

(root) nameserver = K.ROOT-SERVERS.NET

(root) nameserver = L.ROOT-SERVERS.NET

(root) nameserver = M.ROOT-SERVERS.NET

(root) nameserver = A.ROOT-SERVERS.NET

(root) nameserver = B.ROOT-SERVERS.NET

(root) nameserver = C.ROOT-SERVERS.NET

(root) nameserver = D.ROOT-SERVERS.NET

(root) nameserver = E.ROOT-SERVERS.NET

(root) nameserver = F.ROOT-SERVERS.NET

(root) nameserver = G.ROOT-SERVERS.NET

(root) nameserver = H.ROOT-SERVERS.NET

B.ROOT-SERVERS.NET internet address = 192.228.79.201

C.ROOT-SERVERS.NET internet address = 192.33.4.12

D.ROOT-SERVERS.NET internet address = 128.8.10.90

E.ROOT-SERVERS.NET internet address = 192.203.230.10

G.ROOT-SERVERS.NET internet address = 192.112.36.4

H.ROOT-SERVERS.NET internet address = 128.63.2.53

H.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:1::803f:235

I.ROOT-SERVERS.NET internet address = 192.36.148.17

J.ROOT-SERVERS.NET internet address = 192.58.128.30

J.ROOT-SERVERS.NET AAAA IPv6 address = 2001:503:c27::2:30

K.ROOT-SERVERS.NET internet address = 193.0.14.129

K.ROOT-SERVERS.NET AAAA IPv6 address = 2001:7fd::1

L.ROOT-SERVERS.NET internet address = 199.7.83.42

L.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:3::42

>

Eventual kw3rln poate alterna cu requesturi "get tld servers" ("com" in loc de ".") sau "get zone information" ("soa" in loc de "ns" si apoi un domeniu). Acest tip de flood este foarte u?or de implementat a?a c? v? urez succes.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...