DNS Flooder - renaudb@radware.com

The DNS Flooder is a tool designed to test DNS resistance to
DoS attacks, or the capabilities of security systems installed
to protect DNS servers against DoS.
The most basic operation is a simple flood of DNS requests. The
source of the requests can be spoofed from random addresses or
from a specific one (options -s and -S respectively). Names
requested for resolution are random (default) or can be
specified via the -o option (multiple hosts can be specified in
a comma-separated list). The -O option makes it possible to
specify domain names for which the hostname will be generated
randomly.
Generated packets can be saved in a pcap-formatted file. The -c
option specifies the filename to use.
The duration of this operation can be specified via the -u
option, which sets how many seconds the test will last. Default
is infinite, until <CTRL-C> is pressed. The reporting interval
(in seconds) is set with the -i option.
During the flood, it is possible to check the availability of
the targeted server. The -e option takes a valid record as its
argument and regularly checks the answer provided by the
server.

This first operation is usually quite slow (a few thousand per
second). The DNS Flooder makes it possible to replay previously
captured traffic, and so behaves like an accelerator. This
"second stage" is performed by tcpreplay once the -r option is
set with an argument of 0 (unlimited) or the number of seconds
the replay will last. In the first case (0), the flood can be
stopped with <CTRL-C>. This second flood is NOT activated by
default and the -r option must be set explicitly. The full path
to tcpreplay can be specified with the --tcpreplay option.
WARNING: The second flood accelerates the packet generation
rate by approximately 20. The attacking workstation may become
unstable, as well as the targeted DNS server.
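
What the flood described above looks like from the protected side, as an added example that is not part of the DNS Flooder: a check over DNS query records that flags any window where one parent domain receives a high volume of names that are almost all seen only once. The function names, the record layout (epoch seconds, source IP, query name), the thresholds, the two-label parent-domain rule and the sample data are all assumptions made for this example; the 5-second window mirrors the tool's default reporting interval.

```python
from collections import defaultdict

def parent_domain(qname):
    """Naive parent zone: the last two labels (assumption, no public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def find_random_name_floods(queries, window=5, min_queries=100, min_unique_ratio=0.9):
    """queries: iterable of (epoch_seconds, source_ip, qname).
    Returns one finding per (window, parent domain) bucket with high volume
    where nearly every queried name is distinct (generated hostnames)."""
    buckets = defaultdict(lambda: {"count": 0, "names": set(), "sources": set()})
    for ts, src, qname in queries:
        key = (int(ts) // window * window, parent_domain(qname))
        bucket = buckets[key]
        bucket["count"] += 1
        bucket["names"].add(qname.rstrip(".").lower())
        bucket["sources"].add(src)
    findings = []
    for (start, domain), b in sorted(buckets.items()):
        ratio = len(b["names"]) / b["count"]
        if b["count"] >= min_queries and ratio >= min_unique_ratio:
            findings.append({
                "window_start": start,
                "domain": domain,
                "queries": b["count"],
                "unique_names": len(b["names"]),
                # With spoofed sources this count says little about the real origin.
                "unique_sources": len(b["sources"]),
            })
    return findings

def constructed_sample():
    """Constructed records: ordinary lookups plus a burst of one-off names."""
    rows = []
    # Ordinary traffic: 3 clients resolving the same 3 names over 10 seconds.
    for i in range(150):
        name = ["www", "mail", "ns1"][i % 3] + ".example.org"
        rows.append((1000 + i % 10, f"192.0.2.{1 + i % 3}", name))
    # Flood-like traffic: 400 distinct names under one domain within 5 seconds.
    for i in range(400):
        rows.append((1005 + i % 5, f"198.51.100.{i % 250 + 1}", f"h{i:06x}.example.com"))
    return rows

if __name__ == "__main__":
    for finding in find_random_name_floods(constructed_sample()):
        print(finding)
```

The uniqueness ratio is what separates this pattern from a busy but legitimate zone, where the same names repeat; a flood that uses a fixed -o host list would need a plain rate threshold instead.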


DNS Flooder - renaudb@radware.com
Usage : ./maraveDNS.pl -t <TARGET DNS> [options]

Options :
        --help, -h                This help
        -H                        Print detailed help
        --spoof, -s               Spoof sources (default: no)
        --sip, -S <spoofed_IP>    Fixed spoofed address (default: no)
        --target, -t <target_IP>  Target of the attack
        --type, -y <type>         Type of requested record (default: A)
        --interval, -i <interval> Reporting interval in seconds (default: 5)
        --test, -e <record>       Test specific record for server availability (default: no test)
        --host, -o <hostlist>     Hostnames to be used for fake queries, comma separated (default: random)
        --capture, -c <filename>  Activate pcap formatted capture in the specified file. (default: no)
        --device, -d <interface>  Interface to use for packet capture. To use with the -c option
                                  Available : eth0 any lo
        --duration, -u <seconds>  Attack duration in seconds, 0=infinite. (default: 0)
        --replay, -r <seconds>    Replay captures for specififed duration, 0=infinite. (default: no)
        --tcpreplay <filename>    Name and location of tcpreplay. (default: tcpreplay)
                                  Found at /usr/sbin/tcpreplay