- An IP-spoofing-capable host (preferably Linux)
- A domain (attacker-controlled name server)
- Other things needed to make clear:
- The resolver to poison (victim resolver)
- The domain to poison (victim domain)
- The victim domain's record will be poisoned on the victim resolver.
- Flood query traffic to mute the name server of the victim domain.
- Run attack program to guess the port number and TxID automatically.
-
Compile
go build ucr.edu/saddns(requiresgopacketandlibpcap) -
Start flooding
./dns_query.sh &(requireshping3)Please see the comment in the file for usage.
-
Start attacking (flooding is still in progress)
sudo ./saddns [args]Run
./saddns -hfor usage.
attack.sh is a sample script for finish the whole PoC (both Step 2 & 3) including the verification of the poisoned result. It's a demonstrative script and please modify the code accordingly (it won't run by default).