PtrLoop2 - PTR Alias Loops (Variant 2)

PtrLoop2 - PTR Alias Loops (Variant 2)

This module implements alias loops using reverse DNS lookups (PTR records), which map IP addresses back to domain names.

It specifically handles reverse DNS queries for any IP address within the 198.51.100.0/24 private network range, known as TEST-NET-2, which is typically used for documentation and examples.

When this module receives a reverse DNS lookup query for an IP address such as 198.51.100.x (this means searching for the PTR record for x.100.51.198.in-addr.arpa domain), it responds with a PTR record with incremented domain name, cycling through addresses from 198.51.100.0 to 198.51.100.255 indefinitely, effectively creating a loop.

BEWAREThis could potentially lead to a domain lock-up (DoS).

Category: Alias loops

Tags: Domain Lock-Up, Denial of Service

RFCs: RFC1035

Format

*.100.51.198.in-addr.arpa

This module has no parameters.

Examples

In this example, we perform a reverse lookup for the IP address 198.51.100.0, which is the 1st element of the loop. The result is an incremented IP address (192.51.100.1) in in-addr.arpa format:

# dig -x 198.51.100.0 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 198.51.100.0 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40912
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0.100.51.198.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
0.100.51.198.in-addr.arpa. 60	IN	PTR	1.100.51.198.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 15:52:10 +04 2024
;; MSG SIZE  rcvd: 82

Download PCAP File

This incrementation continues up to the last IP address (the final element) — 192.51.100.255 (or 255.100.51.198.in-addr.arpa in in-addr.arpa format).


By resolving the final element of the loop, we are directed back to the 1st element again:

# dig -x 198.51.100.255 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 198.51.100.255 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21002
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;255.100.51.198.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
255.100.51.198.in-addr.arpa. 60	IN	PTR	0.100.51.198.in-addr.arpa.

;; Query time: 36 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Nov 07 00:15:41 +04 2024
;; MSG SIZE  rcvd: 84

Download PCAP File

This setup effectively creates a loop.


From the same category

See also


Go back to catalogue.