Nabukadnezar Posted February 10, 2009 Report Posted February 10, 2009 The Register raporteaz?:http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/Pe scurt, din ce în ce mai mul?i hackeri floodeaza target-uri cu ajutorul NS-elor. Scenariu: kw3rln vrea s? timeouteze () asdf.com; el are o list? de mii de nameservere ?i trimite la fiecare request-uri "get root servers" (nush denumirea tehnic?), spoofând îns? IP-ul pachetelor UDP, astfel încât nameserverele s? r?spund? c?tre asdf.comPachetul primit de target de la nameserver con?ine:C:\Users\Dark Zagatu>nslookupDNS request timed out. timeout was 2 seconds.Default Server: UnKnownAddress: 192.168.0.1:53> server ns.infogate.roDefault Server: ns.infogate.roAddress: 80.96.198.2> set type =nsUnrecognized command: set type =ns> set type=ns> .Server: ns.infogate.roAddress: 80.96.198.2Non-authoritative answer:(root) nameserver = I.ROOT-SERVERS.NET(root) nameserver = J.ROOT-SERVERS.NET(root) nameserver = K.ROOT-SERVERS.NET(root) nameserver = L.ROOT-SERVERS.NET(root) nameserver = M.ROOT-SERVERS.NET(root) nameserver = A.ROOT-SERVERS.NET(root) nameserver = B.ROOT-SERVERS.NET(root) nameserver = C.ROOT-SERVERS.NET(root) nameserver = D.ROOT-SERVERS.NET(root) nameserver = E.ROOT-SERVERS.NET(root) nameserver = F.ROOT-SERVERS.NET(root) nameserver = G.ROOT-SERVERS.NET(root) nameserver = H.ROOT-SERVERS.NETB.ROOT-SERVERS.NET internet address = 192.228.79.201C.ROOT-SERVERS.NET internet address = 192.33.4.12D.ROOT-SERVERS.NET internet address = 128.8.10.90E.ROOT-SERVERS.NET internet address = 192.203.230.10G.ROOT-SERVERS.NET internet address = 192.112.36.4H.ROOT-SERVERS.NET internet address = 128.63.2.53H.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:1::803f:235I.ROOT-SERVERS.NET internet address = 192.36.148.17J.ROOT-SERVERS.NET internet address = 192.58.128.30J.ROOT-SERVERS.NET AAAA IPv6 address = 2001:503:c27::2:30K.ROOT-SERVERS.NET internet address = 193.0.14.129K.ROOT-SERVERS.NET AAAA IPv6 address = 2001:7fd::1L.ROOT-SERVERS.NET internet address = 199.7.83.42L.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:3::42>Eventual kw3rln poate alterna cu requesturi "get tld servers" ("com" in loc de ".") sau "get zone information" ("soa" in loc de "ns" si apoi un domeniu). Acest tip de flood este foarte u?or de implementat a?a c? v? urez succes. Quote