added scripts and zodiac
This commit is contained in:
commit
9bbbc17676
49 changed files with 9254 additions and 0 deletions
148
dns/zodiac/doc/README
Normal file
148
dns/zodiac/doc/README
Normal file
|
@ -0,0 +1,148 @@
|
|||
|
||||
|
||||
zodiac - advanced dns spoofer
|
||||
|
||||
readme file
|
||||
|
||||
|
||||
|
||||
0. content
|
||||
|
||||
compilation ...................................................... 1
|
||||
features and description ......................................... 2
|
||||
overview of weak points in the domain name service ............... 3
|
||||
spoofing descriptions ............................................ 4
|
||||
hints for effective spoofing ..................................... 5
|
||||
|
||||
about ............................................................ 6
|
||||
greetings ........................................................ 7
|
||||
|
||||
legal stuff / disclaimer ......................................... 8
|
||||
|
||||
|
||||
|
||||
1. compilation
|
||||
|
||||
read "INSTALL"
|
||||
|
||||
2. features and description
|
||||
|
||||
basic features include:
|
||||
|
||||
DONE - sniffing of dns datagrams on an ethernet device
|
||||
DONE - decoding of all types of dns packets, including safe decompression
|
||||
? - nice display and gui
|
||||
DONE - always interactive in all situations
|
||||
DONE - threaded and flexible design
|
||||
|
||||
advanced features include:
|
||||
|
||||
DONE? - local dns spoof
|
||||
- jizz dns spoof, exploiting a weakness in some named's implementations
|
||||
- determines jizz-weakness, id-prediction and resolver type remotely
|
||||
- id spoofing, exploiting a weakness in the dns protocol itself
|
||||
- implements some advanced dns denial of service attacks, including
|
||||
flood, label compression and unres attack, advanced dns smurf
|
||||
|
||||
|
||||
3. overview of weak points in the domain name service
|
||||
|
||||
- connectionless, udp based, independent protocol
|
||||
|
||||
the dns protocol can utilize tcp and udp as transportation protocols.
|
||||
however, nearly all domain name servers use udp, because it has two
|
||||
great advantages over tcp: it has little overhead and it doesn't need
|
||||
time to establish a connection, it can just send data directly.
|
||||
|
||||
this is one of the reasons why the dns protocol is attackable, because
|
||||
it uses a stateless protocol to deliver it's data, and extends this with
|
||||
just some weak state variables inside the dns header.
|
||||
|
||||
stateless protocols can be spoofed easily, this is true for udp also. so
|
||||
the spoof-security has to be guaranteed by the protocol on top of it, in
|
||||
this case the dns protocol.
|
||||
|
||||
- broad usage, compatibility over security
|
||||
|
||||
since the dns protocol is very popular it has to be compatible with as
|
||||
much servers as possible. the dns standard is written down in two
|
||||
technical documents, the so called rfc's, for dns it is rfc 1034 and
|
||||
1035.
|
||||
a dns server often has to handle hundrets of requests from hundrets of
|
||||
different machines at the same time, to understand them they have to fit
|
||||
the format defined in the rfc's, any violation may render the request
|
||||
to be dropped. this makes it nearly impossible to extend the dns protocol
|
||||
within the tight borders given by the rfc.
|
||||
|
||||
- old, ineffective
|
||||
|
||||
the dns protocol we use today has been established 1987. at this time
|
||||
the internet was not as popular as today, and although there has been
|
||||
incidents in which protocol security has been compromised there was no
|
||||
real sense of security when the protocol was designed.
|
||||
|
||||
therefore the protocol is functional and obviously working but is
|
||||
lacking any security implementation. the dns id was never intended to be
|
||||
used for security, just to sort the answers of the remote dns server
|
||||
more quickly (the same applies to the isn of a tcp connection, they were
|
||||
never intended to stop ip/tcp spoofing).
|
||||
|
||||
also dns turned out to be a quite ineffective protocol in large net-
|
||||
works. there are estimations that 20% of all internet traffic are dns
|
||||
traffic. dns caching is used to avoid too much traffic, therefore
|
||||
exposing another way to compromise dns security.
|
||||
|
||||
also the dns protocol is centralized, which means there are more
|
||||
important computers than others in dns design, therefore it's clearly
|
||||
obvious which computers are subject to attacks (those that cache for
|
||||
many computers).
|
||||
|
||||
|
||||
4. spoofing descriptions
|
||||
|
||||
not yet
|
||||
|
||||
5. hints for effective spoofing
|
||||
|
||||
not yet
|
||||
|
||||
6. about
|
||||
|
||||
the program has been written by members of team teso and smiler.
|
||||
a helpful patch has been submitted by noah williamsson <tm@ns2.crw.se>.
|
||||
|
||||
the vulnerabilities the program exploits have been discovered by other
|
||||
persons, the adm crew deserves credit for the dns id spoofing technique.
|
||||
|
||||
the dozends of mindful people from the bugtraq mailing list that messed
|
||||
with dns also deserve credits :)
|
||||
|
||||
|
||||
7. greetings
|
||||
|
||||
(from scut)
|
||||
|
||||
in alphabetical order :-D
|
||||
|
||||
acpizer, avoozl, axhate, blackb, blow, bigblue, crestor, davy, domnar,
|
||||
edi, focht, foxfire, fungus, garry, hendy, hoopy, js, kafka, lorian,
|
||||
mindtrip, moc, overhead, oxigen, packwahn, plasmoid, random, route,
|
||||
smiler, spy, tb303, tis, toniq, typo, vax, waterloo, wildandi, wilkins,
|
||||
yks, yodler, zap.
|
||||
|
||||
special greetings to
|
||||
|
||||
smiler, :-)
|
||||
the adm crew, for finding the id vulnerability, but lack a good coding
|
||||
style ;-)
|
||||
foxfire, for giving me some nice packet dumps to play with
|
||||
oxigen, for giving me some hints about dns spoofing
|
||||
rfc1035, for giving me any information about any dns packet
|
||||
ken williams, for just being so cool B-)
|
||||
|
||||
|
||||
8. legal stuff / disclaimer
|
||||
|
||||
know what you do before you do it, be able to face it's consequences.
|
||||
|
||||
|
Loading…
Add table
Add a link
Reference in a new issue