官术网_书友最值得收藏!

Checking for DNS recursion with NSE

DNS recursion isn't typically an issue, but if you allow outside hosts to use your internal DNS servers for recursion, you are setting yourself up for potential attacks. DNS amplification attacks can be leveraged using these types of setup, where hackers will use these DNS servers to send spoofed requests to them, and they will respond back to the original host and, if there are a large number of these, a DDOS situation.

To check for DNS recursion, we can use Nmap with the NSE engine. The command is straightforward, as we will do a UDP scan on port 53 and turn on the recursive script with the command nmap -sU -p53 -script=dns-recursion HOST.

In this example, the DNS server is correctly set up as they do not allow DNS recursion:

root@pi-kali:~# nmap -sU -p53 --script=dns-recursion NS.XXX.NET
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-06 18:24 UTC
Nmap scan report for NS.XXX.NET (XXX.XXX.XXX.XXX)
Host is up (0.096s latency).
PORT STATE SERVICE
53/udpopen domain
Nmap done: 1 IP address (1 host up) scanned in 3.06 seconds

Next, this particular server allows recursion to happen and, hence, potentially participate in the DNS amplification attack:

root@pi-kali:~# nmap -sU -p53 --script=dns-recursion 1.xxx.xxx.xxx
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-06 18:24 UTC
Nmap scan report for 1.xxx.xxx.xxx
Host is up (0.27s latency).
PORT STATE SERVICE
53/udpopen domain
|_dns-recursion: Recursion appears to be enabled
Nmap done: 1 IP address (1 host up) scanned in 7.29 seconds
主站蜘蛛池模板: 罗城| 宿迁市| 兴安盟| 临澧县| 康乐县| 丁青县| 玛纳斯县| 同仁县| 凌云县| 潮安县| 云霄县| 长阳| 宜州市| 黑河市| 修水县| 延川县| 贵南县| 岑巩县| 周宁县| 绥芬河市| 赤壁市| 南京市| 岑巩县| 开化县| 定结县| 云梦县| 江川县| 苍山县| 普安县| 日土县| 张家界市| 陇南市| 和静县| 扎兰屯市| 兴文县| 镇原县| 五指山市| 新安县| 莱州市| 特克斯县| 额敏县|