Dailydave mailing list archives

Re: DNS Speculation


From: Bryan Burns <bburns () juniper net>
Date: Fri, 25 Jul 2008 09:20:08 -0700

Hi Marc,

I wrote a Python version of the attack as well, and ran into the same
problem with scapy.send() being far too slow.  However, scapy.sendpfast()
uses tcpreplay to send the packets, which if anything is too fast.  I had to
specify a limiting pps value to keep from sending all the spoofed responses
before the target server had a chance to send its own request.

The only caveat with sendpfast() vs send() is that it sends at layer 2, so
you'll need to prefix an Ethernet() header to your IP packets.

help(scapy.sendpfast)

Help on function sendpfast in module scapy:

sendpfast(x, pps=None, mbps=None, realtime=None, loop=0, iface=None)
    Send packets at layer 2 using tcpreplay for performance
    pps:  packets per second
    mpbs: MBits per second
    realtime: use packet's timestamp, bending time with realtime value
    loop: number of times to process the packet list
    iface: output interface

-Bryan

On 7/24/08 6:34 PM, "marc_bevand () rapid7 com" <marc_bevand () rapid7 com> wrote:

It is cool to see a ruby implementation of the Kaminsky attack that is
apparently fast enough... Yesterday I was working on a python implementation
using scapy but the scapy.send() call was taking 1+ ms to execute because of
lack of optimization: the way it is implemented, each send() fetches interface
information via ioctl() calls, etc.
