DNS放大攻击

产生大流量的攻击方法
- 单机的带宽优势
- 巨大单机数量形成的流量汇聚
- 利用协议特性实现放大效果的流量

DNS协议放大效果
- 查询请求流量小,但响应流量可能非常巨大
- dig ANY hp.com @202.106.0.20 (流量放大约8倍)

攻击原理
- 伪造源地址为被攻击目标地址,向递归域名查询服务器发起查询
- DNS服务器成为流量放大和实施攻击者,大量DNS服务器实现DDoS
- 该攻击依赖两个前提:网络允许伪造源地址、DNS服务器对任意来源开放递归查询;对应的防御措施是在网络出口做源地址校验(BCP 38),并限制递归服务范围、启用响应速率限制(RRL)
wireshark
ip.addr == 202.106.0.20
root@K:~# dig any baidu.com @202.106.0.20
root@K:~# dig any qq.com @202.106.0.20
root@K:~# dig any hp.com @202.106.0.20
root@K:~# scapy
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.3.2)
>>> i=IP()
>>> i.display()
###[ IP ]###
version = 4
ihl = None
tos = 0x0
len = None
id = 1
flags =
frag = 0
ttl = 64
proto = tcp
chksum = None
src = 127.0.0.1
dst = 127.0.0.1
\options\
>>> i.dst="202.106.0.20"
>>> i.display()
###[ IP ]###
version = 4
ihl = None
tos = 0x0
len = None
id = 1
flags =
frag = 0
ttl = 64
proto = tcp
chksum = None
src = 127.0.0.1
dst = 202.106.0.20