PtrLoop2 - PTR Alias Loops (Variant 2)
This module implements alias loops using reverse DNS lookups (PTR records), which map IP addresses back to domain names.
It specifically handles reverse DNS queries for any IP address within the 198.51.100.0/24 private network range, known as TEST-NET-2, which is typically used for documentation and examples.
When this module receives a reverse DNS lookup query for an IP address such as 198.51.100.x (that is, a query for the PTR record of the x.100.51.198.in-addr.arpa domain), it responds with a PTR record containing the incremented domain name, cycling through addresses from 198.51.100.0 to 198.51.100.255 indefinitely, effectively creating a loop.
Category: Alias loops
Tags: Domain Lock-Up, Denial of Service
RFCs: RFC1035
Format
*.100.51.198.in-addr.arpa
This module has no parameters.
Examples
In this example, we perform a reverse lookup for the IP address 198.51.100.0, which is the 1st element of the loop. The result is an incremented IP address (198.51.100.1) in in-addr.arpa format:
```
# dig -x 198.51.100.0 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 198.51.100.0 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40912
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0.100.51.198.in-addr.arpa. IN PTR

;; ANSWER SECTION:
0.100.51.198.in-addr.arpa. 60 IN PTR 1.100.51.198.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 15:52:10 +04 2024
;; MSG SIZE rcvd: 82
```
This incrementation continues up to the last IP address (the final element), 198.51.100.255 (or 255.100.51.198.in-addr.arpa in in-addr.arpa format).
By resolving the final element of the loop, we are directed back to the 1st element again:
```
# dig -x 198.51.100.255 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 198.51.100.255 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21002
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;255.100.51.198.in-addr.arpa. IN PTR

;; ANSWER SECTION:
255.100.51.198.in-addr.arpa. 60 IN PTR 0.100.51.198.in-addr.arpa.

;; Query time: 36 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Nov 07 00:15:41 +04 2024
;; MSG SIZE rcvd: 84
```
This setup effectively creates a loop.
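Software that keeps following PTR targets which are themselves in-addr.arpa names only leaves this chain if it enforces a hop limit or remembers the names it has already visited. The following is an added example, not code from the module: `ptrloop2_answer` models the answers shown above, and `norm`, `follow_ptr`, its status strings and the `max_hops` default are assumptions made for illustration.

```python
# Added example: a model of the PtrLoop2 answers plus a bounded PTR follower.
SUFFIX = ".100.51.198.in-addr.arpa."

def norm(name):
    """Lowercase a DNS name and make it fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def ptrloop2_answer(qname):
    """PTR target the module returns for x.100.51.198.in-addr.arpa (model)."""
    name = norm(qname)
    if not name.endswith(SUFFIX):
        return None
    label = name[: -len(SUFFIX)]
    if not (label.isascii() and label.isdigit() and int(label) <= 255):
        return None
    return f"{(int(label) + 1) % 256}{SUFFIX}"

def follow_ptr(qname, lookup, max_hops=16):
    """Follow PTR targets that are reverse names themselves.

    Returns (status, chain); status is 'resolved', 'loop' or 'hop-limit'.
    """
    current = norm(qname)
    chain, seen = [current], {current}
    for _ in range(max_hops):
        target = lookup(current)
        if target is None:                  # no PTR record: chain ends here
            return "resolved", chain
        current = norm(target)
        chain.append(current)
        if current in seen:                 # name already visited: alias loop
            return "loop", chain
        if not current.endswith(".in-addr.arpa."):
            return "resolved", chain        # ordinary host name, stop
        seen.add(current)
    return "hop-limit", chain               # gave up before proving a loop

if __name__ == "__main__":
    start = "0.100.51.198.in-addr.arpa."    # constructed starting query
    for hops in (16, 300):
        status, chain = follow_ptr(start, ptrloop2_answer, max_hops=hops)
        print(hops, status, len(chain), chain[-1])
```

With the default limit the follower stops after 16 queries; only a limit of at least 256 lets the visited-name check see the cycle close.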
From the same category
- CnLoop - CNAME Alias Loops
- DnLoop - DNAME Alias Loops
- HtLoop - HTTPS Alias Loops
- Loop - Alias Loops
- MxLoop - MX Alias Loops
- NptEnumLoop - NAPTR ENUM Alias Loops
- NsLoop - NS Alias Loops
- PtrLoop1 - PTR Alias Loops (Variant 1)
- SpfLoop - SPF (TXT) Alias Loops
- SrLoop - SRV Alias Loops
- SvLoop - SVCB Alias Loops