[dns-operations] adns vuln posted
Paul Vixie
vixie at isc.org
Mon Aug 4 14:27:41 UTC 2008
at <http://downloads.securityfocus.com/vulnerabilities/exploits/30131_zmda.c>
we see that the "adns" asynchronous stub resolver has enough of a following to
deserve its own exploit. anybody know the author? this oughta get fixed.
fyi:
/* h0dns_spoof.c - zmda - saik0pod at yahoo.com
* - spoof dns on ircd's using the h0dns code
*
* - spoof dns on anything using the adns (asynchronous dns resolver) code
*
* - The bug:
* - Static source port used by the adns code
* - Sequential DNS ids in request packets
*
* - Initiate sequence to trigger a dns lookup by the adns resolver. Send
* the same range of spoofed DNS ids in a constant flood spoofed as the
* primary DNS server for the host. Even a local DNS request will take
* long enough to allow some amount of the spoofed DNS responses
* through before the primary DNS responds. Since the resolver does not
* cache results, the dns lookups can be triggered until the DNS id is
* incremented within the DNS id range being spoofed.
*/
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the dns-operations
mailing list