Infrastructure Layer

DNS Attack


The DNS Gremlin blocks all outgoing traffic over the standard DNS port (53), optionally constrained by supplied IP addresses. This Gremlin is equivalent to running a Blackhole attack against port 53.

Linux

This Gremlin does not interact with iptables, and so it does not interfere with any existing iptables rulesets.

This Gremlin requires the NET_ADMIN capability, which is enabled for Gremlin by default at installation time. See capabilities(7).

Options

| Parameter | Flag | Required | Default | Version | Description |
|---|---|---|---|---|---|
| IP Addresses | -i IP address | False | | 1.4.7 | Only impact traffic to these IP addresses. Also accepts CIDR values (e.g. 10.0.0.0/24). |
| Device | -d interface | False | Device discovery | 0.0.1 | Impact traffic over this network interface. |
| Protocol | -P {TCP, UDP, ICMP} | False | all | 1.4.7 | Only impact a specific protocol. |
| Providers | WebUI and API Only | False | | 0.0.1 | External service providers to affect. |
| Tags | WebUI and API Only | False | | 0.0.1 | Only impact traffic to hosts running Gremlin clients associated with these tags. |
| Length | -l int | False | 60 | 1.4.7 | The length of the attack (seconds). |
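
Because the IP Addresses option narrows the attack to specific destinations, it is worth checking beforehand which of a host's configured resolvers would actually be cut off. The sketch below is an added example, not Gremlin code: the function names and the sample resolv.conf content are assumptions, and it models only the behaviour stated above (port 53 traffic to the supplied addresses or CIDR ranges is blocked, with the default device and protocol settings).

```python
import ipaddress

# Constructed sample resolv.conf content (not taken from the page).
SAMPLE_RESOLV_CONF = """\
# constructed example
search corp.example
nameserver 10.0.0.2
nameserver 10.0.1.53   ; secondary resolver
nameserver 2001:db8::53
options timeout:2 attempts:2
"""

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # resolv.conf comments start with '#' or ';'.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
    return servers

def attack_scope(resolv_conf_text, ip_filters=None):
    """Split resolvers into (blocked, still_reachable) for a port 53 blackhole.

    ip_filters mirrors the -i option: single addresses or CIDR ranges.
    None or an empty list means the attack is unconstrained, so every
    resolver reached over port 53 is blocked.
    """
    servers = parse_nameservers(resolv_conf_text)
    if not ip_filters:
        return servers, []
    nets = [ipaddress.ip_network(f, strict=False) for f in ip_filters]
    blocked = [s for s in servers
               if any(s.version == n.version and s in n for n in nets)]
    reachable = [s for s in servers if s not in blocked]
    return blocked, reachable

if __name__ == "__main__":
    blocked, reachable = attack_scope(SAMPLE_RESOLV_CONF, ["10.0.0.0/24"])
    print("blocked:        ", [str(s) for s in blocked])
    print("still reachable:", [str(s) for s in reachable])
```

A non-empty second list means the host can still resolve names through those servers during the attack, so the experiment would not exercise a full DNS outage.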