[dns-operations] adns vuln posted

Paul Vixie vixie at isc.org
Mon Aug 4 14:27:41 UTC 2008

at <http://downloads.securityfocus.com/vulnerabilities/exploits/30131_zmda.c>
we see that the "adns" asynchronous stub resolver has enough of a following to
deserve its own exploit.  anybody know the author?  this oughta get fixed.


/* h0dns_spoof.c - zmda - saik0pod at yahoo.com
 *   - spoof dns on ircd's using the h0dns code
 *   - spoof dns on anything using the adns (asynchronous dns resolver) code
 *   - The bug:
 *       - Static source port used by the adns code
 *       - Sequential DNS ids in request packets
 *   - Initiate sequence to trigger a dns lookup by the adns resolver. Send
 *     the same range of spoofed DNS ids in a constant flood spoofed as the
 *     primary DNS server for the host. Even a local DNS request will take
 *     long enough to allow some amount of the spoofed DNS responses
 *     through before the primary DNS responds. Since the resolver does not
 *     cache results, the dns lookups can be triggered until the DNS id is
 *     incremented within the DNS id range being spoofed.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the dns-operations mailing list