
RoseSecurity / DNS-Fender

Licence: other
A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.


DNS-FENDER

A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries. Recently, a 15-year-old produced a 300 GB DoS attack against a well-known website using 50 lines of code. Though Cloudflare never revealed the source code, I thought I would take a stab at recreating the basic idea behind the attack. Any feedback, ways to strengthen the tool, and improvements are greatly appreciated. Feel free to develop and reuse this code! Let's make it even better!

Background

DNS Amplification Attacks are a way for an attacker to magnify the amount of bandwidth they can target at a potential victim. Imagine you are an attacker and you control a botnet capable of sending out 100Mbps of traffic. While that may be sufficient to knock some sites offline, it is a relatively trivial amount of traffic in the world of DDoS. In order to increase your attack's volume, you could try and add more compromised machines to your botnet. That is becoming increasingly difficult. Alternatively, you could find a way to amplify your 100Mbps into something much bigger.

The original amplification attack was known as a SMURF attack. A SMURF attack involves an attacker sending ICMP requests (i.e., ping requests) to the network's broadcast address (i.e., X.X.X.255) of a router configured to relay ICMP to all devices behind the router. The attacker spoofs the source of the ICMP request to be the IP address of the intended victim. Since ICMP does not include a handshake, the destination has no way of verifying if the source IP is legitimate. The router receives the request and passes it on to all the devices that sit behind it. All those devices then respond to the ping, and because the source address was spoofed, their replies go to the victim. The attacker is able to amplify the attack by a multiple of however many devices are behind the router.

DNS Amplification

There are two criteria for a good amplification attack vector: 1) the query can be sent with a spoofed source address (e.g., via a protocol like ICMP or UDP that does not require a handshake); and 2) the response to the query is significantly larger than the query itself. DNS is a core, ubiquitous Internet platform that meets these criteria and therefore has become the largest source of amplification attacks.

DNS queries are typically transmitted over UDP, meaning that, like ICMP queries used in a SMURF attack, they are fire and forget. As a result, their source attribute can be spoofed and the receiver has no way of determining its veracity before responding.
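Seen from the receiving network, the two criteria above leave a recognizable trace: large DNS answers arriving from many resolvers at a host that never sent the matching query. The following detection sketch is an added example, not code from the DNS-Fender project; the record layout, sample values and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of UDP/53 records seen at a network edge:
# (src_ip, src_port, dst_ip, dst_port, dns_bytes, dns_id)
SAMPLE = [
    ("192.0.2.10", 40001, "198.51.100.53", 53, 64, 0x1A2B),   # local client's query
    ("198.51.100.53", 53, "192.0.2.10", 40001, 120, 0x1A2B),  # its matching answer
    ("198.51.100.53", 53, "192.0.2.10", 40001, 120, 0x1A2B),  # stray duplicate answer
    ("203.0.113.1", 53, "192.0.2.80", 31337, 3000, 0x0001),   # nobody asked for these
    ("203.0.113.2", 53, "192.0.2.80", 31337, 3000, 0x0001),
    ("203.0.113.3", 53, "192.0.2.80", 31337, 3000, 0x0001),
    ("203.0.113.4", 53, "192.0.2.80", 31337, 3000, 0x0001),
]


def analyse(records, min_sources=3, min_bytes=8000):
    """Return (alerts, factors).

    alerts:  {victim_ip: (unsolicited_bytes, distinct_resolvers)} for hosts
             receiving DNS answers they never requested, above both thresholds.
    factors: response/query size ratio for every answer that did match a query.
    """
    pending = {}                     # (client, cport, server, id) -> query size
    factors = []
    stray = defaultdict(lambda: [0, set()])
    for src, sport, dst, dport, size, txid in records:
        if dport == 53:              # a query leaving for a resolver
            pending[(src, sport, dst, txid)] = size
        elif sport == 53:            # an answer arriving from a resolver
            query_size = pending.pop((dst, dport, src, txid), None)
            if query_size is None:   # no query on record: reflected or stray
                stray[dst][0] += size
                stray[dst][1].add(src)
            else:
                factors.append(size / query_size)
    alerts = {
        ip: (total, len(sources))
        for ip, (total, sources) in stray.items()
        if total >= min_bytes and len(sources) >= min_sources
    }
    return alerts, factors


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The single duplicate answer to 192.0.2.10 stays below both thresholds, so only the host receiving answers from four resolvers is reported.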

DoS

Identifying Open Resolvers

Using the dig command, we can identify if the DNS server is an open resolver:

$ dig TARGET @x.x.x.x

An open DNS resolver configured to answer recursive queries will return a response similar to the example below, followed by a set of DNS records:

; <<>> DiG 9.10.31-P4-Ubuntu <<>> TARGET @ x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53931
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

Note the status NOERROR and the ra (recursion available) flag.

A DNS server not allowing recursive queries will instead respond with an error message similar to this:

; <<>> DiG 9.10.31-P4-Ubuntu <<>> TARGET @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 47106
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

Note the status REFUSED and the missing ra flag.
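For operators auditing resolvers they run, the two responses above can be told apart mechanically. The following classifier is an added example, not part of DNS-Fender; it assumes the dig output was captured from a client address outside the resolver's permitted ranges, for a name the server is not authoritative for. It goes beyond the two cases shown by also handling a timeout and a server that answers NOERROR without offering recursion; all sample outputs are constructed.

```python
import re

STATUS = re.compile(r"status:\s*([A-Z]+)")
FLAGS = re.compile(r"flags:\s*([a-z ]+);\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+)")

# Constructed samples modelled on the dig header lines shown above.
OPEN = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53931
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"""
CLOSED = """;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 47106
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available"""
AUTH_ONLY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1201
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"""
FAILING = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 77
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
TIMEOUT = ";; connection timed out; no servers could be reached"


def classify(dig_output):
    """Classify one dig run against a resolver you operate.

    Returns 'no-response', 'no-recursion', 'open-recursion' or 'indeterminate'.
    """
    status = STATUS.search(dig_output)
    flags = FLAGS.search(dig_output)
    if not status or not flags:
        return "no-response"             # timeout or truncated capture
    recursion_available = "ra" in flags.group(1).split()
    answers = int(flags.group(2))
    # NOERROR alone is not enough: an authoritative-only server also returns
    # NOERROR for its own zones. The ra flag is what marks a recursive answer.
    if status.group(1) == "REFUSED" or not recursion_available:
        return "no-recursion"
    if status.group(1) == "NOERROR" and answers > 0:
        return "open-recursion"          # recursed for an outside client
    return "indeterminate"               # e.g. SERVFAIL: retest before trusting


if __name__ == "__main__":
    for name in ("OPEN", "CLOSED", "AUTH_ONLY", "FAILING", "TIMEOUT"):
        print(name, classify(globals()[name]))
```

A resolver reported as `open-recursion` should have recursion restricted to its intended client networks.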

DNS-FENDER Script

Using Shodan APIs, DNS-FENDER identifies open resolvers across the internet, saves IP addresses to a CSV file, and runs the dig command against your target using open DNS resolvers. This tool is still in development and any improvements, ideas, or ways to make the code stronger are strongly appreciated!

Installation

To install the Shodan library, simply:

$ pip install shodan

Or if you don't have pip installed (which you should seriously install):

$ easy_install shodan

Or if you're running an older version of the Shodan Python library and want to upgrade:

$ easy_install -U shodan

You can get your API key from your Shodan account page located at:

https://account.shodan.io/

Then just:

$ chmod +x DNS-Fender.sh
$ ./DNS-Fender.sh

Enter your API Key and Target to attack!
