coldfire7

AmberIt DNS (Port 53) Hijacking

Jul 2nd, 2020
# AmberIt (DNS / Port 53 traffic is being hijacked)

# ICMP Traceroute to the DNS server
cinnamon@rolls:~$ sudo traceroute -I -q1 -w1 -n 5.132.191.104
traceroute to 5.132.191.104 (5.132.191.104), 30 hops max, 60 byte packets
 1  118.179.180.209  3.253 ms
 2  *
 3  202.4.100.253  3.631 ms
 4  103.12.177.1  3.669 ms
 5  103.12.176.1  4.163 ms
 6  103.16.155.13  4.607 ms
 7  103.16.152.30  4.591 ms
 8  103.16.152.82  12.737 ms
 9  27.111.228.81  52.854 ms
10  184.105.65.14  189.768 ms
11  184.105.80.13  193.056 ms
12  184.105.65.57  207.075 ms
13  184.104.204.134  204.645 ms
14  77.244.255.98  207.248 ms
15  77.244.255.149  314.480 ms
16  *
17  5.132.191.104  205.495 ms

# DNS Traceroute to the DNS server
cinnamon@rolls:~$ sudo dnstraceroute --expert -C -t A -s 5.132.191.104 -n facebook.com
dnstraceroute.py DNS: 5.132.191.104:53, hostname: facebook.com, rdatatype: A
1   5.132.191.104 (5.132.191.104) 2.571 ms

=== Expert Hints ===
 [*] path too short (possible DNS hijacking, unless it is a local DNS resolver)


# DotInternet (DNS / Port 53 traffic is NOT being hijacked)

# ICMP Traceroute to the DNS server
pi@dolores  ~  sudo traceroute -I -q1 -w1 -n 5.132.191.104
traceroute to 5.132.191.104 (5.132.191.104), 30 hops max, 60 byte packets
 1  59.153.100.16  1.473 ms
 2  172.16.16.57  1.638 ms
 3  43.224.113.69  1.646 ms
 4  103.230.17.112  1.889 ms
 5  180.87.39.117  41.460 ms
 6  180.87.38.1  160.067 ms
 7  80.231.217.29  161.322 ms
 8  80.231.217.2  160.757 ms
 9  80.231.200.78  162.859 ms
10  195.219.87.31  157.134 ms
11  195.219.25.22  179.262 ms
12  77.244.255.98  183.051 ms
13  77.244.255.149  181.999 ms
14  *
15  5.132.191.104  180.721 ms

# DNS Traceroute to the DNS server
pi@dolores  ~  sudo dnstraceroute --expert -C -t A -s 5.132.191.104 -n facebook.com
dnstraceroute DNS: 5.132.191.104:53, hostname: facebook.com, rdatatype: A
1   59.153.100.16 (59.153.100.16) 3.435 ms
2   172.16.16.57 (172.16.16.57) 5.480 ms
3   43.224.113.69 (43.224.113.69) 5.153 ms
4   103.230.17.112 (103.230.17.112) 5.417 ms
5   180.87.39.117 (180.87.39.117) 46.877 ms
6   180.87.38.1 (180.87.38.1) 164.670 ms
7   80.231.217.29 (80.231.217.29) 164.556 ms
8   80.231.217.2 (80.231.217.2) 166.780 ms
9   80.231.200.78 (80.231.200.78) 167.298 ms
10   *
11  195.219.25.22 (195.219.25.22) 183.188 ms
12  77.244.255.98 (77.244.255.98) 191.329 ms
13  77.244.255.149 (77.244.255.149) 185.990 ms
14   *
15  5.132.191.104 (5.132.191.104) 206.732 ms

=== Expert Hints ===
 [*] public DNS server is next to an invisible hop (probably a firewall)
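The two sessions above make the detection logic visible: on AmberIt the UDP/53 probe is "answered" by the resolver's address at hop 1 while ICMP needs 17 hops to reach it, so a middlebox on the path is impersonating the resolver; on DotInternet both paths have the same depth. The script below is an added example (not part of the paste and not dnstraceroute's own code) that parses traceroute and dnstraceroute output and applies that hop-depth comparison; the embedded traces are constructed, abbreviated versions of the two sessions, and the verdict names and 0.5 ratio threshold are my own choices.

```python
import re

# One hop line from traceroute ("N  ip  rtt ms") or dnstraceroute
# ("N   ip (ip) rtt ms"); "*" in place of the address is a timed-out hop.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\*|\d{1,3}(?:\.\d{1,3}){3})")

# Constructed, abbreviated traces modelled on the two sessions in the paste.
AMBERIT_ICMP = """\
 1  118.179.180.209  3.253 ms
 2  *
 3  202.4.100.253  3.631 ms
 4  5.132.191.104  205.495 ms
"""
AMBERIT_DNS = "1   5.132.191.104 (5.132.191.104) 2.571 ms\n"
DOT_ICMP = " 1  59.153.100.16  1.473 ms\n 2  172.16.16.57  1.638 ms\n 3  *\n 4  5.132.191.104  180.721 ms\n"
DOT_DNS = """\
1   59.153.100.16 (59.153.100.16) 3.435 ms
2   172.16.16.57 (172.16.16.57) 5.480 ms
3   *
4   5.132.191.104 (5.132.191.104) 206.732 ms
"""

def parse_hops(output):
    """Return [(hop_number, ip_or_None)] for every hop line in the output."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), None if m.group(2) == "*" else m.group(2)))
    return hops

def assess_dns_path(icmp_output, dns_output, resolver, min_ratio=0.5):
    """Compare the ICMP path with the UDP/53 path to the same resolver. The
    resolver should sit at a similar depth in both; a DNS probe answered after
    far fewer hops means a middlebox is impersonating it (unless it is local)."""
    icmp, dns = parse_hops(icmp_output), parse_hops(dns_output)
    if not icmp or not dns:
        raise ValueError("no hop lines parsed")
    if dns[-1][1] != resolver:
        verdict = "unreached"
    elif len(dns) == 1 and len(icmp) > 1:
        verdict = "hijack_suspected"  # answered by the very first hop
    elif len(dns) < min_ratio * len(icmp):
        verdict = "hijack_suspected"  # DNS path far shorter than ICMP path
    elif len(dns) > 1 and dns[-2][1] is None:
        verdict = "ok_invisible_hop"  # silent hop before the resolver (firewall)
    else:
        verdict = "ok"
    return {"icmp_hops": len(icmp), "dns_hops": len(dns), "verdict": verdict}
```

Run it against real captures by feeding the two command outputs to `assess_dns_path` with the resolver address you probed; an "unreached" verdict means the DNS trace never showed the resolver's address and the comparison is inconclusive.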