reference
http://tools.ietf.org/search/draft-vandergaast-edns-client-subnet-02
# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 13.04"
3.8.0-35-generic x86_64
[ dig client subnet ]
To use client subnet with dig, you need to apply a patch file.
# wget wilmer.gaa.st/edns-client-subnet/bind-9.9.3-dig-edns-client-subnet-iana.diff
Download bind9.9.3-P2, apply the patch and compile.
# tar xzvf bind-9.9.3.tar.gz
# cp bind-9.9.3-dig-edns-client-subnet-iana.diff bind-9.9.3
# cd bind-9.9.3/
# patch -p0 < bind-9.9.3-dig-edns-client-subnet-iana.diff
patching file bin/dig/dig.c
patching file bin/dig/dighost.c
patching file bin/dig/include/dig/dig.h
patching file lib/dns/include/dns/message.h
patching file lib/dns/message.c
# ./configure
# make
# make install
Google public DNS supports client subnet.
So let’s check the client subnet behavior by sending a query to Google DNS.
# /usr/local/bin/dig @8.8.8.8 www.google.com +client=59.155.255.200 +short
74.125.128.105
74.125.128.99
74.125.128.103
74.125.128.106
74.125.128.104
74.125.128.147
# /usr/local/bin/dig @8.8.8.8 www.google.com +client=70.155.255.200 +short
173.194.37.19
173.194.37.17
173.194.37.18
173.194.37.20
173.194.37.16
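What the +client= option adds to the query is a single EDNS option carrying an address family, a source prefix length, a scope prefix length and the truncated address. The following is an added example, not code from the dig patch or from this post; it assumes the IANA-assigned option code 8, and the function names are made up for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8            # IANA-assigned EDNS option code for client subnet
FAMILY_BITS = {1: 32, 2: 128}  # address family number -> address width in bits


def build_ecs_option(address, source_prefix):
    """Encode the client-subnet option for `address` truncated to `source_prefix` bits."""
    ip = ipaddress.ip_address(address)
    family = 1 if ip.version == 4 else 2
    if not 0 <= source_prefix <= FAMILY_BITS[family]:
        raise ValueError("source prefix length out of range")
    # Zero the host bits, then keep only the bytes the prefix covers, so the
    # resolver and the authoritative server never see the full client address.
    net = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    addr = net.network_address.packed[: (source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option):
    """Decode one option; raise ValueError on malformed or over-long address data."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    family, source, scope = struct.unpack("!HBB", option[4:8])
    addr = option[8:]
    bits = FAMILY_BITS.get(family)
    if code != ECS_OPTION_CODE or length != len(option) - 4 or bits is None:
        raise ValueError("not a well-formed client-subnet option")
    if source > bits or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    ip = ipaddress.ip_address(addr.ljust(bits // 8, b"\x00"))
    # strict=True rejects non-zero bits past the prefix (leaked host bits).
    net = ipaddress.ip_network(f"{ip}/{source}", strict=True)
    return {"subnet": str(net), "source_prefix": source, "scope_prefix": scope}


if __name__ == "__main__":
    # Constructed sample: the first +client= address above, truncated to /24.
    wire = build_ecs_option("59.155.255.200", 24)
    print(wire.hex(), parse_ecs_option(wire))
```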
[ nmap ]
# git clone https://github.com/nmap/nmap.git
# cd nmap
# ./configure
# make
# make install
# /usr/local/bin/nmap -version
Nmap version 6.41SVN ( http://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.2.3 openssl-1.0.1c nmap-libpcre-7.6 libpcap-1.3.0 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
# ls scripts/dns-*
scripts/dns-blacklist.nse scripts/dns-nsid.nse
scripts/dns-brute.nse scripts/dns-random-srcport.nse
scripts/dns-cache-snoop.nse scripts/dns-random-txid.nse
scripts/dns-check-zone.nse scripts/dns-recursion.nse
scripts/dns-client-subnet-scan.nse scripts/dns-service-discovery.nse
scripts/dns-fuzz.nse scripts/dns-srv-enum.nse
scripts/dns-ip6-arpa-scan.nse scripts/dns-update.nse
scripts/dns-nsec-enum.nse scripts/dns-zeustracker.nse
scripts/dns-nsec3-enum.nse scripts/dns-zone-transfer.nse
Usage of this script
---
-- @usage
-- nmap -sU -p 53 --script dns-client-subnet-scan --script-args \
-- dns-client-subnet-scan.domain=www.example.com, \
-- dns-client-subnet-scan.address=192.168.0.1 \
-- [,dns-client-subnet.nameserver=8.8.8.8] \
-- [,dns-client-subnet.mask=24] <target>
-- nmap --script dns-client-subnet-scan --script-args \
-- dns-client-subnet-scan.domain=www.example.com, \
-- dns-client-subnet-scan.address=192.168.0.1 \
-- dns-client-subnet.nameserver=8.8.8.8, \
-- [,dns-client-subnet.mask=24]
--
from Japan
# /usr/local/bin/nmap -sU -p 53 --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=www.google.com,dns-client-subnet-scan.address=103.240.252.0,dns-client-subnet.nameserver=8.8.8.8 8.8.8.8
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.038s latency).
PORT STATE SERVICE
53/udp open|filtered domain
| dns-client-subnet-scan:
| www.google.com
| 74.125.235.208
| 74.125.235.209
| 74.125.235.210
| 74.125.235.211
|_ 74.125.235.212
Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
from Republic of Ghana
# /usr/local/bin/nmap -sU -p 53 --script dns-client-subnet-scan --script-args dns-client-subnet-scan.domain=www.google.com,dns-client-subnet-scan.address=41.242.112.0,dns-client-subnet.nameserver=8.8.8.8 8.8.8.8
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.043s latency).
PORT STATE SERVICE
53/udp open|filtered domain
| dns-client-subnet-scan:
| www.google.com
| 173.194.41.208
| 173.194.41.209
| 173.194.41.210
| 173.194.41.211
|_ 173.194.41.212
Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds