NptEnumLoop - NAPTR ENUM Alias Loops

This module implements alias loops using NAPTR (Naming Authority Pointer) ENUM records, which are used to map identifiers like telephone numbers to a variety of service URIs, including SIP addresses, voicemail systems, and web or email addresses.

This module is specifically designed to handle DNS queries that translate telephone numbers into SIP service URIs using the E.164 format. In this format, a phone number such as 1234567890 is transformed into the reversed sequence 0.9.8.7.6.5.4.3.2.1.e164.arpa. This domain is then queried in DNS to identify the corresponding designated SIP service address.

When this module receives a NAPTR DNS query for translating a telephone number ending with the digit 2, it will generate a response with a SIP service URI. This URI will point to the same domain name as in the original query, effectively creating a direct loop.

While NAPTR ENUM records do not contain aliases like CNAME records, this could achieve similar results by prompting the client to perform consecutive queries to resolve it.

⚠BEWARE⚠This can potentially lead to a domain lock-up (DoS).

Category: Alias loops

Tags: Domain Lock-Up, Denial of Service

RFCs: RFC2915, RFC3761

Format

2.*.e164.arpa

This module has no parameters.

Examples

In this example, we look up the telephone number 8765432. As a result, we receive a response containing a SIP URI pointing to the exact same phone number, formatted as an E.164 address:

# dig NAPTR 2.3.4.5.6.7.8.e164.arpa @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> NAPTR 2.3.4.5.6.7.8.e164.arpa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57772
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.3.4.5.6.7.8.e164.arpa.	IN	NAPTR

;; ANSWER SECTION:
2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!2.3.4.5.6.7.8.e164.arpa!" .

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 15:02:15 +04 2024
;; MSG SIZE  rcvd: 99

Download PCAP File

This effectively creates a direct loop if the client attempts to resolve it further.

From the same category

• CnLoop - CNAME Alias Loops
• DnLoop - DNAME Alias Loops
• HtLoop - HTTPS Alias Loops
• Loop - Alias Loops
• MxLoop - MX Alias Loops
• NsLoop - NS Alias Loops
• PtrLoop1 - PTR Alias Loops (Variant 1)
• PtrLoop2 - PTR Alias Loops (Variant 2)
• SpfLoop - SPF (TXT) Alias Loops
• SrLoop - SRV Alias Loops
• SvLoop - SVCB Alias Loops

See also

• NptEnumAlias - Random NAPTR ENUM Aliases

Go back to catalogue.