Bugtraq mailing list archives
BIND ID Brute Force Fix
From: vermont () gate net (Illuminati Primus)
Date: Sun, 27 Apr 1997 04:13:03 -0400
Here is a patch I hacked together to deal with an ID brute force attempt. The patch is against a clean BIND 8.1-T2B without any other patches. I just finished compiling this (and I must say the BIND source was very nicely made), but haven't tried testing it AT ALL.. So if it results in your house blowing up and becoming a gateway for the Spawn of Hell, don't blame me. Besides, the sun is going to rise in a few hours and all I had to eat were some chocolate cookies.

-vermont () gate net, aspiring mongoloid programmer

PD Shameless plug: would like a decent internet security related job.. Young and willing to learn

[Attachment: anti-brute.patch (base64-encoded; Content-Description: An evil mime attachment)]