[AI Minor News]

Identifying Every Projector and Camera on Campus!? The Shock of a DNS Brute Force Scan Using Rust


※ This article contains affiliate advertising.


📰 News Highlights

  • A student from the Colorado School of Mines discovered that every device connected to the campus network is assigned a unique subdomain.
  • To break through the speed limitations of a scanner originally written in Python, they moved to Rust, achieving ultra-fast performance through direct control of UDP ports and base36 conversion.
  • This approach successfully identified hostnames of projectors, cameras, and personal devices on campus through brute force scanning.

💡 Key Takeaways

  • Dramatic Shift from Python to Rust: The move eliminated the bottleneck of generating permutations with Python's itertools. Incrementing a number and converting it to base36 keeps CPU load to a minimum.
  • Optimizing Asynchronous Processing: With Tokio, a memory leak issue that reached hundreds of GB was solved by limiting concurrency with semaphores.
  • Direct Handling of NXDOMAIN: Processing DNS responses directly in Rust, without relying on external filters like grep, dramatically reduced the load on the OS.

🦈 Shark’s Perspective (Curator’s View)

The switch from Python’s itertools, which struggled with three-character identifications, to Rust’s numeric incrementing method was a sharp move! Instead of relying on a simple dictionary attack, calculating the vast combinations of 37 to the power of N was a powerful play. The implementation that directly taps UDP sockets, separating read and write in an asynchronous loop, is a textbook example of network programming brilliance! This approach cleverly exploits existing DNS limitations as a “feature,” perfectly targeting security blind spots to expose hidden devices!

🚀 What’s Next?

Network administrators must be reminded that the automatic subdomain assignment for connected devices can be a starting point for information leaks. As fast scanning tools like this Rust implementation become more widespread, the anonymity of internal networks will increasingly erode.
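For administrators, the scan described above leaves a recognizable trace in resolver logs: one client asking for many distinct short names under the zone, almost all answered NXDOMAIN. The following is an added example, not code from the original article or the student's scanner; the log format (`<client> <qname> <rcode>`), the zone `campus.example`, the addresses and the thresholds are all assumptions constructed for illustration.

```rust
use std::collections::{BTreeMap, HashSet};

#[derive(Default)]
struct Stats<'a> { total: usize, nxdomain: usize, labels: HashSet<&'a str> }

/// Flags clients whose lookups under `zone` look like enumeration: many
/// distinct single-label names, nearly all of them answered NXDOMAIN.
/// Assumed (constructed) log format: "<client> <qname> <rcode>".
fn flag_enumerators(log: &str, zone: &str, min_names: usize, min_nx_ratio: f64) -> Vec<String> {
    let suffix = format!(".{zone}");
    let mut per_client: BTreeMap<&str, Stats> = BTreeMap::new();
    for line in log.lines() {
        let mut f = line.split_whitespace();
        let (Some(client), Some(qname), Some(rcode)) = (f.next(), f.next(), f.next()) else {
            continue; // skip malformed lines
        };
        // Only count direct children of the zone, e.g. "a1b.campus.example".
        let Some(label) = qname.strip_suffix(suffix.as_str()) else { continue };
        if label.is_empty() || label.contains('.') { continue; }
        let s = per_client.entry(client).or_default();
        s.total += 1;
        s.labels.insert(label);
        if rcode == "NXDOMAIN" { s.nxdomain += 1; }
    }
    per_client
        .into_iter()
        .filter(|(_, s)| {
            s.labels.len() >= min_names && s.nxdomain as f64 / s.total as f64 >= min_nx_ratio
        })
        .map(|(client, _)| client.to_string())
        .collect()
}

/// Constructed sample: one client walking short labels, one ordinary client.
fn sample_log() -> String {
    let mut log = String::new();
    for i in 0..40u32 {
        let rcode = if i == 17 { "NOERROR" } else { "NXDOMAIN" };
        log.push_str(&format!("10.0.0.5 a{:02}.campus.example {}\n", i, rcode));
    }
    log.push_str("10.0.0.9 www.campus.example NOERROR\n10.0.0.9 mail.campus.example NOERROR\n");
    log.push_str("10.0.0.9 typo.campus.example NXDOMAIN\n");
    log
}

fn main() {
    let flagged = flag_enumerators(&sample_log(), "campus.example", 20, 0.9);
    println!("possible enumeration from: {flagged:?}");
}
```

On a real resolver the thresholds would be tuned against normal traffic and evaluated per time window, and the same per-client tally can drive response rate limiting.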

💬 A Word from Haru Shark

No device lurking in the deep sea of the network can escape the keen senses of Haru Shark! Crushing data with Rust’s razor-sharp teeth! 🦈🔥

📚 Terminology

  • DNS Brute Force: A method of sequentially trying every potential subdomain to identify valid domains.

  • NXDOMAIN: Short for “Non-Existent Domain.” An error response returned by a DNS server when the queried domain name does not exist.

  • base36: A method for representing numbers using the 36 characters from 0-9 and A-Z, suitable for generating hostnames.

  • Source: Gaining control of every projector and camera on campus

【Disclaimer】
This article was structured by AI and is verified and managed by the operator. Accuracy is not guaranteed, and we assume no responsibility for external content.