bitsongofficial / sinfonia-ui


[Competition Bug]: DNS Server Spoofed Request Amplification DDoS #300

Closed GalihNugraha22 closed 2 years ago

GalihNugraha22 commented 2 years ago

Prerequisites

Describe the exact steps to reproduce the problem in as many details as possible

Restrict access to your DNS server from public network or reconfigure it to reject such queries.

Describe the issue behavior

Risk Factor: Medium

The remote DNS server answers any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.

BitSong Public Address

bitsong1a0c5a287ytyklrscpaydjaerfe92e0zxjngf7u

Osmosis Public Address

osmo1es7ch3ytg2laeall703u87agmq4lr6zdw3vw6j

Which browser are you using?

Google Chrome

Which is your browser version?

101.0.4951.54

Which kind of device are you using?

Desktop

Are you using a ledger?

No

Which is your ledger version?

No response

Agree the Competition Rules

giorgionocera commented 2 years ago

"Restrict access to your DNS server from public network or reconfigure it to reject such queries."

This is not an issue related to Sinfonia. It is related to the provider (Cloudflare).
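
Added example, not part of the issue thread or of the Sinfonia code base: an offline check that measures the amplification described in the report by comparing the DNS payload size of a root-zone NS query with a reply, and shows how a server configured to refuse such queries removes the gain. The function names are hypothetical and both replies are constructed in the code rather than captured from any server; sizes are DNS payload only, without UDP/IP headers.

```python
import struct

ROOT_LETTERS = "abcdefghijklm"  # the 13 root name servers, [a-m].root-servers.net

def build_root_ns_query(txid=0x1234):
    """DNS query for the NS records of the root zone ('.')."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + b"\x00" + struct.pack("!HH", 2, 1)         # name '.', NS, IN

def build_sample_response(query, refused):
    """Constructed reply for this demo; not captured from any real server."""
    txid, question = query[:2], query[12:]
    if refused:  # QR=1, RD=1, RCODE=5 (REFUSED), no records
        return txid + struct.pack("!HHHHH", 0x8105, 1, 0, 0, 0) + question
    # Offset of "root-servers.net" inside the first RDATA, used for name compression
    suffix = 12 + len(question) + 1 + 10 + 2
    answers = b""
    for i, letter in enumerate(ROOT_LETTERS):
        label = b"\x01" + letter.encode()
        rdata = label + (b"\x0croot-servers\x03net\x00" if i == 0
                         else struct.pack("!H", 0xC000 | suffix))
        answers += b"\x00" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    header = txid + struct.pack("!HHHHH", 0x8180, 1, len(ROOT_LETTERS), 0, 0)
    return header + question + answers

def assess(query, response):
    """Compare DNS payload sizes and report whether the reply amplifies."""
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    factor = round(len(response) / len(query), 2)
    # Exposed: the server answered (NOERROR) with records and a larger payload
    exposed = rcode == 0 and (an + ns + ar) > 0 and factor > 1
    return {"rcode": rcode, "records": an + ns + ar,
            "factor": factor, "exposed": exposed}

if __name__ == "__main__":
    q = build_root_ns_query()
    for refused in (False, True):
        print(assess(q, build_sample_response(q, refused)))
```

A reply with RCODE 5 (REFUSED) is the same size as the query, so a server that rejects root NS queries from the public network gives a spoofing sender no gain.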