Nmap Development mailing list archives

dns-openresolvers-check.nse : Detects DNS servers known to allow open recursion


From: Paulino Calderon <paulino () calderonpale com>
Date: Thu, 28 Mar 2013 03:00:13 -0600

Hi list,

description = [[
dns-openresolvers-check looks up the database "dnsbl.openresolvers.org" to detect DNS servers known to allow open recursion. If the DNS server is found, it will be marked as vulnerable as it can be abused via DNS amplification attacks.

This script queries a database provided by http://dns.measurement-factory.com.

Daily reports of open resolvers found:
* http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/

DNS amplification attacks:
* http://isotf.org/news/DNS-Amplification-Attacks.pdf
]]

---
-- @usage nmap -sV --script dns-openresolvers-check <target>
-- @usage nmap -sV -p53 --script dns-openresolvers-check <target>
--
-- @output
-- | dns-openresolvers-check:
-- |   VULNERABLE:
-- |   This DNS server has been blacklisted as an open resolver.
-- |     State: VULNERABLE
-- |     Risk factor: High
-- |     Description:
-- |           This DNS server is known for supporting open recursion. Open resolvers are dangerous
-- |           because of the following reasons:
-- |           * Attackers may consume resources of third parties. They are actively being exploited in DDoS attacks.
-- |           * Attackers may poison the cache of an open resolver.
-- |
-- |     References:
-- |       http://isotf.org/news/DNS-Amplification-Attacks.pdf
-- |_      http://dns.measurement-factory.com/surveys/openresolvers.html
---



Attachment: dns-openresolvers-check.nse

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
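
The blacklist lookup the script description refers to, sketched as an added example in Python; it is not the attached NSE script's code. It assumes the zone follows the usual DNSBL convention (RFC 5782: reversed IPv4 octets prepended to the zone, listed entries answering inside 127.0.0.0/8). The function names and the sample zone data are constructed for illustration.

```python
import ipaddress
import socket

DNSBL_ZONE = "dnsbl.openresolvers.org"  # zone named in the script description
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 range (assumed for this list)

# Constructed sample zone data for offline runs; these are not real listings.
CONSTRUCTED_ZONE = {
    "53.2.0.192.dnsbl.openresolvers.org": "127.0.0.2",       # listed entry
    "10.100.51.198.dnsbl.openresolvers.org": "203.0.113.7",  # wildcard/parked answer
}


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.53 -> 53.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def constructed_resolver(name):
    """Offline stand-in for a DNS A lookup; None models NXDOMAIN."""
    return CONSTRUCTED_ZONE.get(name)


def system_resolver(name):
    """Live A lookup via the OS resolver. Lookup failures also return None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_open_resolver(ip, resolve=constructed_resolver, zone=DNSBL_ZONE):
    """Return a dict saying whether `ip` is listed in the DNSBL zone."""
    name = dnsbl_query_name(ip, zone)
    answer = resolve(name)
    # Only an answer inside 127.0.0.0/8 counts as a listing. Any other address
    # (a wildcarded zone, NXDOMAIN rewriting by an upstream resolver) is treated
    # as not listed, so a dead or redirected zone does not flag every target.
    listed = answer is not None and ipaddress.ip_address(answer) in LISTED_NET
    return {"ip": ip, "query": name, "answer": answer, "listed": listed}


if __name__ == "__main__":
    for target in ("192.0.2.53", "198.51.100.10", "203.0.113.1"):
        print(check_open_resolver(target))
```

Pass `resolve=system_resolver` to query a live zone instead of the constructed data.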
