I have the same Transaction ID for all packets in DNS. Is there a possibility of a DNS flood or DNS amp attack?

asked 2020-06-04 08:43:09 +0000

Rebel

updated 2020-06-04 09:00:54 +0000

All are DNS protocol. Please refer to the capture here: https://filebin.net/mgq9w3f4be8xpbew



Is this simply a rephrasing of your other question: What is wrong with the DNS in PCAP?

If so, please add a comment to your original question so that this duplicate can be closed.

Adding the actual capture file to any question helps immensely; screenshots aren't all that helpful as they only show the info you have on display. There's much more in the actual capture file.

grahamb ( 2020-06-04 08:56:08 +0000 )

No, this is not from the same. I have a different issue this time. Please find the capture file here: https://filebin.net/mgq9w3f4be8xpbew

Rebel ( 2020-06-04 09:00:21 +0000 )

Is this a lab assignment? What is the source of the capture?
Have you looked through the RFC to see how the ID field is used?

Chuckc ( 2020-06-04 14:11:20 +0000 )

Yes, the source is not specified. No, I have not seen the RFC, and apologies for the informality; I am new to community sites. I have a doubt that this capture is a result of a DNS flood or DNS amplification attack. Please correct me if I am wrong.

Rebel ( 2020-06-04 14:18:50 +0000 )

If this is a network security-related assignment then to answer your question you need to understand what is the basic difference between a DNS amplification attack and a DNS flood. Hints: In each type of attack, what are the packets an attacker sends and what are the packets a target receives? Does the attacker send packets directly to the target? Who is the target for each type of attack? Good luck. Google is your friend.

Spooky ( 2020-06-06 02:57:54 +0000 )
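
Added example (not part of the thread or any poster's code): one way to explore the hints above is to tally, from one host's point of view, inbound queries, inbound responses, and responses that match no query the host sent, along with how often a single transaction ID repeats. The addresses and DNS messages are constructed, and `summarize`, `msg`, `HOST` and `SAMPLE` are hypothetical names.

```python
import struct
from collections import Counter

def dns_header(payload):
    """Return (transaction_id, is_response) from the fixed 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit: 0 = query, 1 = response

def summarize(packets, local_ip):
    """Summarize (src, dst, dns_payload) tuples, in capture order, as seen by local_ip."""
    ids, asked = Counter(), set()  # asked: (server, txid) pairs local_ip queried
    stats = {"queries_in": 0, "responses_in": 0, "unsolicited": 0, "malformed": 0}
    for src, dst, payload in packets:
        try:
            txid, is_response = dns_header(payload)
        except ValueError:
            stats["malformed"] += 1
            continue
        ids[txid] += 1
        if src == local_ip and not is_response:
            asked.add((dst, txid))
        elif dst == local_ip and is_response:
            stats["responses_in"] += 1
            if (src, txid) not in asked:  # answer to a question this host never sent
                stats["unsolicited"] += 1
        elif dst == local_ip:
            stats["queries_in"] += 1
    stats["distinct_ids"] = len(ids)
    stats["top_id_share"] = max(ids.values()) / sum(ids.values()) if ids else 0.0
    return stats

def msg(txid, response):
    """Build a constructed header-only DNS message (section counts left at zero)."""
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 0, 0, 0, 0)

HOST = "192.0.2.10"  # constructed addresses from the documentation ranges
SAMPLE = (
    [(HOST, "203.0.113.1", msg(0xBEEF, False)),          # host asks ...
     ("203.0.113.1", HOST, msg(0xBEEF, True))]           # ... and gets its answer
    + [("198.51.100.53", HOST, msg(0x1234, True))] * 4   # answers nobody asked for
    + [("198.51.100.7", HOST, msg(0x0001, False)),       # inbound query
       ("198.51.100.7", HOST, b"\x12\x34")]              # truncated payload
)

if __name__ == "__main__":
    print(summarize(SAMPLE, HOST))
```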