
  • Penetration Testing Bootcamp
  • Jason Beltrame
  • 247 words
  • 2021-07-02 21:35:58

Checking for DNS recursion with NSE

DNS recursion isn't typically an issue, but if you allow outside hosts to use your internal DNS servers for recursion, you are setting yourself up for potential attacks. This type of setup can be leveraged for DNS amplification attacks: attackers send requests with a spoofed source address to these DNS servers, the servers send their responses to the host whose address was spoofed and, if there are a large number of these responses, the result is a DDoS situation for that host.

To check for DNS recursion, we can use Nmap with the Nmap Scripting Engine (NSE). The command is straightforward: we do a UDP scan on port 53 and turn on the dns-recursion script with the command nmap -sU -p53 --script=dns-recursion HOST.

In this example, the DNS server is correctly set up, as it does not allow DNS recursion:

root@pi-kali:~# nmap -sU -p53 --script=dns-recursion NS.XXX.NET
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-06 18:24 UTC
Nmap scan report for NS.XXX.NET (XXX.XXX.XXX.XXX)
Host is up (0.096s latency).
PORT   STATE SERVICE
53/udp open  domain
Nmap done: 1 IP address (1 host up) scanned in 3.06 seconds

Next, this particular server allows recursion and, hence, could potentially be made to participate in a DNS amplification attack:

root@pi-kali:~# nmap -sU -p53 --script=dns-recursion 1.xxx.xxx.xxx
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-06 18:24 UTC
Nmap scan report for 1.xxx.xxx.xxx
Host is up (0.27s latency).
PORT   STATE SERVICE
53/udp open  domain
|_dns-recursion: Recursion appears to be enabled
Nmap done: 1 IP address (1 host up) scanned in 7.29 seconds
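
The same kind of check at the DNS protocol level, as an added example that is not from the book and is not the NSE script's own code. It assumes a server is counted as offering recursion when its reply sets the RA (recursion available) flag and returns an answer for a third-party name; the function names, the example.com query name and the sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(response):
    """Decode the RFC 1035 header fields relevant to the recursion check."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": ancount}

def recursion_offered(response, txid=0x1234):
    """True when the reply matches our query, advertises RA and actually
    resolved the third-party name (NOERROR with at least one answer)."""
    h = parse_header(response)
    return (h["qr"] and h["txid"] == txid and h["ra"]
            and h["rcode"] == 0 and h["ancount"] > 0)

def check_server(server, name="example.com", timeout=3.0):
    """Send one query over UDP/53 and classify the reply; None = no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return recursion_offered(s.recvfrom(4096)[0])
        except socket.timeout:
            return None

# Constructed sample replies (the 12-byte header is enough for the flag check).
REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # QR, RD, RCODE=5
RESOLVED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, 1 answer

if __name__ == "__main__":
    print("refused reply  ->", recursion_offered(REFUSED))
    print("resolved reply ->", recursion_offered(RESOLVED))
```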