1. DNS/Poisoning/AncillaryDataAttacks/1.1.1.1/Attack Example


1.1. BIND

The cf1111.tcpreplay.net zone is served from this BIND server:

$ dig cf1111.tcpreplay.net. @52.213.198.181

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> cf1111.tcpreplay.net. @52.213.198.181
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34303
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 55128017f940bfd5d16998295eec7b5b66b96205215c5875 (good)
;; QUESTION SECTION:
;cf1111.tcpreplay.net.          IN      A

;; AUTHORITY SECTION:
cf1111.tcpreplay.net.   300     IN      NS      ns-out.out.117yen.com.

;; ADDITIONAL SECTION:
ns-out.out.117yen.com.  170     IN      A       63.35.157.66

;; Query time: 249 msec
;; SERVER: 52.213.198.181#53(52.213.198.181)
;; WHEN: Fri Jun 19 17:46:19 JST 2020
;; MSG SIZE  rcvd: 128

The ns-out.out.117yen.com zone is hosted on the same server alongside it.

$ dig -t a ns-out.out.117yen.com. @52.213.198.181

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t a ns-out.out.117yen.com. @52.213.198.181
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27041
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a98c1934a65e48545bc8d9ea5eec7cbd02b37f9c27aa8996 (good)
;; QUESTION SECTION:
;ns-out.out.117yen.com.         IN      A

;; ANSWER SECTION:
ns-out.out.117yen.com.  170     IN      A       63.35.157.66

;; AUTHORITY SECTION:
out.117yen.com.         170     IN      NS      ns.out.117yen.com.

;; ADDITIONAL SECTION:
ns.out.117yen.com.      170     IN      A       52.213.198.181

;; Query time: 257 msec
;; SERVER: 52.213.198.181#53(52.213.198.181)
;; WHEN: Fri Jun 19 17:52:13 JST 2020
;; MSG SIZE  rcvd: 127

1.2. Dangerous response

$ dig -t ns cf1111.tcpreplay.net. @52.213.198.181

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t ns cf1111.tcpreplay.net. @52.213.198.181
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 142
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e01d730377bd3d99b084f77b5eec7c6cb0e5e9fa0c73b0a4 (good)
;; QUESTION SECTION:
;cf1111.tcpreplay.net.          IN      NS

;; AUTHORITY SECTION:
cf1111.tcpreplay.net.   300     IN      NS      ns-out.out.117yen.com.

;; ADDITIONAL SECTION:
ns-out.out.117yen.com.  170     IN      A       63.35.157.66

;; Query time: 270 msec
;; SERVER: 52.213.198.181#53(52.213.198.181)
;; WHEN: Fri Jun 19 17:50:52 JST 2020
;; MSG SIZE  rcvd: 128

An ordinary resolver would discard this additional record, but 1.1.1.1 uses it in this situation. (Dangerous)

$ dig -t txt cf1111.tcpreplay.net  @63.35.157.66

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> -t txt cf1111.tcpreplay.net @63.35.157.66
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51636
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 73e033000526536375decadc5eec7ba4e53f7d350d000a6e (good)
;; QUESTION SECTION:
;cf1111.tcpreplay.net.          IN      TXT

;; ANSWER SECTION:
cf1111.tcpreplay.net.   30      IN      TXT     "!!! FAKE DANGER !!!"

;; AUTHORITY SECTION:
cf1111.tcpreplay.net.   30      IN      NS      ns.cf1111.tcpreplay.net.

;; ADDITIONAL SECTION:
ns.cf1111.tcpreplay.net. 30     IN      A       63.35.157.66

;; Query time: 248 msec
;; SERVER: 63.35.157.66#53(63.35.157.66)
;; WHEN: Fri Jun 19 17:47:32 JST 2020
;; MSG SIZE  rcvd: 142
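
The check an ordinary resolver applies before trusting an additional-section address, as an added example that is not part of the original page: it reads the AUTHORITY and ADDITIONAL sections of dig output and keeps an A/AAAA record only if its owner is an NS target and lies inside the zone the queried server was reached for. The function names are hypothetical, and the zone names passed in ("tcpreplay.net." and "cf1111.tcpreplay.net.") are assumptions about which delegation the resolver was following.

```python
import re

# Referral from 52.213.198.181 and answer from 63.35.157.66, copied from this page.
REFERRAL = """\
;; AUTHORITY SECTION:
cf1111.tcpreplay.net.   300     IN      NS      ns-out.out.117yen.com.
;; ADDITIONAL SECTION:
ns-out.out.117yen.com.  170     IN      A       63.35.157.66
"""
IN_ZONE = """\
;; AUTHORITY SECTION:
cf1111.tcpreplay.net.   30      IN      NS      ns.cf1111.tcpreplay.net.
;; ADDITIONAL SECTION:
ns.cf1111.tcpreplay.net. 30     IN      A       63.35.157.66
"""
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_sections(text):
    """Map section name -> [(owner, rtype, rdata)] from dig's text output."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"^;; (\w+) SECTION:$", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and not line.startswith(";"):
            m = RR.match(line)
            if m:
                current.append((m.group(1).lower(), m.group(3), m.group(4).strip()))
    return sections

def in_bailiwick(name, zone):
    """True if name is the zone apex or below it, compared label by label."""
    n = name.lower().rstrip(".").split(".")
    z = [label for label in zone.lower().rstrip(".").split(".") if label]
    return len(n) >= len(z) and (not z or n[-len(z):] == z)

def vet_glue(text, zone):
    """Split ADDITIONAL A/AAAA records into (accepted, discarded).
    `zone` is the zone the queried server was reached for (an assumption here)."""
    s = parse_sections(text)
    ns_targets = {rd.lower() for _, t, rd in s.get("AUTHORITY", []) if t == "NS"}
    accepted, discarded = [], []
    for owner, rtype, rdata in s.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            ok = owner in ns_targets and in_bailiwick(owner, zone)
            (accepted if ok else discarded).append((owner, rdata))
    return accepted, discarded

if __name__ == "__main__":
    print(vet_glue(REFERRAL, "tcpreplay.net."))         # glue for a 117yen.com name
    print(vet_glue(IN_ZONE, "cf1111.tcpreplay.net."))   # glue inside the zone
```

A discarded address is not used as is; the resolver looks up the NS name through its own delegation chain instead.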