Sonic scanning: when fast is not fast enough
13 Aug 2022
Comprehensive Talk
Sonic scanning: when fast is not fast enough
Jasper Insinger
Abstract
Scanning various parts of the internet is one of the fundamental techniques that security researchers or white-hat hackers use to keep the internet safe. To keep up with the increasing number of bug bounty programs and assets in general we need to level up our scanning software as well.
This talk explores the design of a high-performance DNS bruteforcer. Fundamental bottlenecks that limit current scanning software to only a fraction of line-rate scan capacity will be discussed, for example: what prevents a common DNS bruteforce tool like MassDNS from exceeding 350.000 requests per second?
Our tooling is currently capable of scanning DNS with up to 40M requests per second, which is over 100x faster than MassDNS at peak performance. The scan capacity can reach 40GbE line-level rate. All building blocks for this scanner will be discussed in the talk, such as the concurrency model and the way incoming and outgoing packets are routed in the scanner.