Bugtraq mailing list archives
Re: Killing ircds via DNS
From: David Luyer <david_luyer () PACIFIC NET AU>
Date: Fri, 8 Dec 2000 23:39:21 +1100
Hugo van der Kooij wrote:
On Wed, 6 Dec 2000, David Luyer wrote:The bug is triggered by returning a 128-byte answer to an A-record query, eg, a 128-byte A-record response to a reverse DNS lookup on the client IP. The fix should be self-evident.I'm not that good in coding. But isn't requesting an A record a normal DNS request? (Get an IP address by the given name.) A reverse DNS query would be for a PTR record. (Getting the name by an IP address.)
Sure. But the routine parses the returned packet, it doesn't matter what the query was. So even if it's a PTR query, an A response is still parsed and still overflows the reply buffer. David. -- David Luyer Phone: +61 3 9674 7525 Senior Network Engineer P A C I F I C Fax: +61 3 9699 8693 Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 2983 http://www.pacific.net.au/ NASDAQ: PCNTF
Current thread:
- Killing ircds via DNS David Luyer (Dec 07)
- Re: Killing ircds via DNS van der Kooij, Hugo (Dec 08)
- Re: Killing ircds via DNS David Luyer (Dec 11)
- Re: Killing ircds via DNS Adam J Herscher (Dec 11)
- Re: Killing ircds via DNS Robert Feldbauer (Dec 11)
- Re: Killing ircds via DNS Piotr Kucharski (Dec 11)
- Re: Killing ircds via DNS David Luyer (Dec 12)
- Re: Killing ircds via DNS Darren Reed (Dec 13)
- Re: Killing ircds via DNS Chris Mason (Dec 12)
- Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below. Tom Pickles (Dec 13)
- Re: Killing ircds via DNS Sean Kelly (Dec 13)
- Re: Killing ircds via DNS David Luyer (Dec 12)
- Re: Killing ircds via DNS van der Kooij, Hugo (Dec 08)