I
thought I would never be able to generate a DNS query with reply size larger
than 4096 bytes. I was wrong ! Just look at this.
[warren@dnssec ~]# dig any doc.gov | grep SIZE
;; MSG SIZE rcvd: 9735
Of course, the reply has to fallback to TCP instead of UDP. Thanks to US Department of Commerce for letting me to play around with this.
Hackers, don't use this for amplification attacks. You will fail.
[warren@dnssec ~]# dig any doc.gov | grep SIZE
;; MSG SIZE rcvd: 9735
Of course, the reply has to fallback to TCP instead of UDP. Thanks to US Department of Commerce for letting me to play around with this.
Hackers, don't use this for amplification attacks. You will fail.
No comments:
Post a Comment