官术网_书友最值得收藏!

  • Penetration Testing Bootcamp
  • Jason Beltrame
  • 247字
  • 2021-07-02 21:35:58

Checking for DNS recursion with NSE

DNS recursion isn't typically an issue, but if you allow outside hosts to use your internal DNS servers for recursion, you are setting yourself up for potential attacks. DNS amplification attacks can be leveraged using these types of setup, where hackers will use these DNS servers to send spoofed requests to them, and they will respond back to the original host and, if there are a large number of these, a DDOS situation.

To check for DNS recursion, we can use Nmap with the NSE engine. The command is straightforward, as we will do a UDP scan on port 53 and turn on the recursive script with the command nmap -sU -p53 -script=dns-recursion HOST.

In this example, the DNS server is correctly set up as they do not allow DNS recursion:

root@pi-kali:~# nmap -sU -p53 --script=dns-recursion NS.XXX.NET
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-06 18:24 UTC
Nmap scan report for NS.XXX.NET (XXX.XXX.XXX.XXX)
Host is up (0.096s latency).
PORT STATE SERVICE
53/udpopen domain
Nmap done: 1 IP address (1 host up) scanned in 3.06 seconds

Next, this particular server allows recursion to happen and, hence, potentially participate in the DNS amplification attack:

root@pi-kali:~# nmap -sU -p53 --script=dns-recursion 1.xxx.xxx.xxx
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-06 18:24 UTC
Nmap scan report for 1.xxx.xxx.xxx
Host is up (0.27s latency).
PORT STATE SERVICE
53/udpopen domain
|_dns-recursion: Recursion appears to be enabled
Nmap done: 1 IP address (1 host up) scanned in 7.29 seconds
主站蜘蛛池模板: 安陆市| 城固县| 遵化市| 桃江县| 福鼎市| 井陉县| 嘉荫县| 柏乡县| 绵竹市| 伊川县| 涞源县| 阿图什市| 平谷区| 布拖县| 寿光市| 清苑县| 瑞昌市| 三江| 穆棱市| 上蔡县| 凤翔县| 黄平县| 泽州县| 开原市| 红安县| 金沙县| 新竹市| 台州市| 涡阳县| 浦东新区| 佛山市| 盈江县| 綦江县| 兴海县| 策勒县| 新兴县| 江华| 永德县| 潜江市| 教育| 青铜峡市|