CVE-2006-0987

ISC BIND - Denial of Service via DNS Query Traffic Amplification

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-0987. PoCs published by pcastagnaro, including Metasploit module auxiliary/scanner/dns/dns_amp.

AI-analyzed exploit summary This repository contains a Python-based scanner designed to detect DNS servers vulnerable to amplification attacks by sending crafted DNS queries and analyzing response sizes. It does not exploit the vulnerability but identifies misconfigured DNS resolvers that could be used in DDoS attacks.

Description

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Exploits (2)

nomisec SCANNER 1 stars
by pcastagnaro · poc
https://github.com/pcastagnaro/dns_amplification_scanner

This repository contains a Python-based scanner designed to detect DNS servers vulnerable to amplification attacks by sending crafted DNS queries and analyzing response sizes. It does not exploit the vulnerability but identifies misconfigured DNS resolvers that could be used in DDoS attacks.

Classification
Scanner 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: DNS servers (misconfigured/open resolvers)
No auth needed
Prerequisites: List of domains to test · Target DNS server IP address
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dns/dns_amp.rb

This Metasploit module scans for DNS servers vulnerable to amplification attacks by sending crafted DNS queries and analyzing responses for recursion availability and amplification potential.

Classification
Scanner 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: DNS servers with recursive name lookups enabled
No auth needed
Prerequisites: Network access to target DNS servers · UDP port 53 accessibility
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
http://kb.isc.org/article/AA-00269
Various Sources x_refsource_misc
http://dns.measurement-factory.com/surveys/sum1.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426368/100/0/threaded
Patch, Vendor Advisory x_refsource_misc
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

Scores

EPSS 0.5726
EPSS Percentile 98.9%

Details

Status published
Products (1)
isc/bind 9.3.2
Published Mar 03, 2006
Tracked Since Feb 18, 2026