From charlesreid1

DNS DoS Attacks

So what is DNS anyway? DNS, the Domain Name System, is the internet's name resolution protocol: it's how names like "yahoo.com" get turned into IP addresses like "10.20.30.40". It's a fundamental part of the way the internet routing system works.

DNS Black Hole Attack

A DNS denial of service can be achieved by blocking the DNS channel, and removing the ability of the sheep's system to resolve network and web requests. By funneling some or all of the sheep's DNS requests into this black hole, the attacker can successfully create a denial of service of network resources for the sheep.

See the EvilFOCA tool below.

DNSSmurf

A DNS Smurf Attack works the same way as a DoS/Smurf Attack, except instead of swamping a victim with ping packets, it swamps a victim with DNS query response packets.

In this attack, an attacker wishes to create a denial of service for a sheep. The attacker will overwhelm the sheep's network card with traffic, so that it can't possibly continue to function normally. The attacker does so by spoofing a large number of DNS queries that look like they come from the sheep's machine, that ask "What is the IP address of google.com?" When this packet reaches a DNS server, it will respond with a packet that says "The IP address is A.B.C.D". By spoofing a large number of queries, and sending them to a large number of DNS servers, the attacker creates a network packet tsunami that drowns the sheep's network card.

See DoS/DNSSmurf for tools and details.
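
From the sheep's side, the flood described above has a recognizable shape: DNS responses arrive that the host never asked for, from many servers at once. The following added example (not from the original page) flags that pattern in flow records; the record format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed records (not real traffic): (time, src, sport, dst, dport, txid, kind)."""
    host = "192.0.2.10"
    recs = [
        (0.10, host, 40001, "198.51.100.53", 53, 0x1A2B, "query"),
        (0.12, "198.51.100.53", 53, host, 40001, 0x1A2B, "response"),
        (5.10, host, 40002, "198.51.100.53", 53, 0x3C4D, "query"),
        (5.13, "198.51.100.53", 53, host, 40002, 0x3C4D, "response"),
    ]
    # Burst: 40 responses from 8 servers that the host never queried.
    for i in range(40):
        recs.append((5.2 + i * 0.01, f"203.0.113.{i % 8 + 1}", 53,
                     host, 33000 + i, i, "response"))
    return sorted(recs), host

def find_unsolicited(records, local_ip):
    """Return (time, server) for responses to local_ip that match no query it sent."""
    pending = set()  # (server_ip, client_port, txid) of outstanding queries
    unsolicited = []
    for ts, src, sport, dst, dport, txid, kind in records:
        if kind == "query" and src == local_ip and dport == 53:
            pending.add((dst, sport, txid))
        elif kind == "response" and dst == local_ip and sport == 53:
            key = (src, dport, txid)
            if key in pending:
                pending.discard(key)   # answered; a repeat would be unsolicited
            else:
                unsolicited.append((ts, src))
    return unsolicited

def reflection_alerts(unsolicited, window=1.0, min_packets=20, min_servers=5):
    """Flag time windows with many unsolicited responses from many servers.
    The thresholds are illustrative assumptions; tune them to the network."""
    buckets = defaultdict(list)
    for ts, src in unsolicited:
        buckets[int(ts // window)].append(src)
    alerts = []
    for b, srcs in sorted(buckets.items()):
        if len(srcs) >= min_packets and len(set(srcs)) >= min_servers:
            alerts.append({"window_start": b * window,
                           "packets": len(srcs), "servers": len(set(srcs))})
    return alerts

if __name__ == "__main__":
    records, host = build_sample()
    for alert in reflection_alerts(find_unsolicited(records, host)):
        print("possible DNS reflection flood:", alert)
```

Matching on server address, client port and transaction ID means the host's own lookups are never counted, so the alert fires only on responses with no corresponding query.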

Tools

EvilFOCA

Link: https://github.com/ElevenPaths/EvilFOCA

A tool for conducting various DNS attacks (and other types of attacks).

  • Capable of conducting DHCP ACK Injection - attacker monitors DHCP exchanges, interferes by sending packets, attacker acts as fake DHCP server
  • DNS Hijacking - hijacking the sheep's DNS channel to control where the sheep's requests point them
