Wednesday, July 02, 2014

Tsunami - DNS Amplification Attack Tool

Tsunami is a DNS Amplification Attack Tool which is collected from the internet and modified by Samiux. It is designed for testing your server and/or network under the DNS Amplification Attack. Perform this test on any server and/or network without authorization is a crime and you will be put into a jail.

The number of open recursive DNS servers and the bandwidth of the attacker as well as duration may affect the traffic volume size of the attack.

Tsunami is working perfectly on Kali Linux 1.0.7 or above. The official site is at here.

Usage



To perform DNS Amplification attack :

python amplfiy.py -t 1.2.3.4 -s open_dns.txt -a domain_name.txt -c -1 --verify -v --threads=1000

*where 1.2.3.4 is the victim's IP address

To scan for the open recursive DNS server :

perl find_open_resolvers.pl '1.0.0.0 - 1.84.255.255' -q 1000

Remarks : this script just can check if the DNS server has the RA flag or not only. You need to double check with the following command to confirm the scanned DNS server is a true open recursive DNS server.

dig ANY isc.org @samsung.idv.tw

*where samsung.idv.tw is the open recursive DNS server
where isc.org is the domain to lookup

Tsunami comes with the following files :

amplfiy.py - the attack script
find_open_resolvers.pl - the scanner script
gov-uk_domain.txt - domain names of UK Government
open_dns_1.0.0.0-1.84.255.255.txt - open recursive DNS list within 1.0.0.0 and 1.84.255.255 IP range

That's all! See you.