Bugtraq mailing list archives

Re: Killing ircds via DNS


From: David Luyer <david_luyer () PACIFIC NET AU>
Date: Fri, 8 Dec 2000 23:39:21 +1100

Hugo van der Kooij wrote:
> On Wed, 6 Dec 2000, David Luyer wrote:
>
>> The bug is triggered by returning a 128-byte answer to an A-record query, eg,
>> a 128-byte A-record response to a reverse DNS lookup on the client IP.  The
>> fix should be self-evident.
>
> I'm not that good in coding.
>
> But isn't requesting an A record a normal DNS request? (Get an IP address
> by the given name.) A reverse DNS query would be for a PTR record.
> (Getting the name by an IP address.)

Sure.  But the routine parses the returned packet; it doesn't matter what the
query was.  So even if it's a PTR query, an A response is still parsed and
still overflows the reply buffer.

David.
--
David Luyer                                        Phone:   +61 3 9674 7525
Senior Network Engineer        P A C I F I C       Fax:     +61 3 9699 8693
Pacific Internet (Australia)  I N T E R N E T      Mobile:  +61 4 1111 2983
http://www.pacific.net.au/                         NASDAQ:  PCNTF
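
An added example, not code from the ircd source or from anyone in this thread: one way a resolver can handle a single answer record so that the case described above is rejected, by checking the answer type against the query type and requiring an A record's RDATA to be exactly 4 bytes before copying. The names `build_rr` and `copy_answer_addr` are hypothetical, the owner name is assumed to be already skipped, and "128-byte answer" is taken to mean 128 bytes of RDATA.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { T_A = 1, T_PTR = 12, C_IN = 1, RR_FIXED = 10, INADDRSZ = 4 };

/* Constructed sample input: write one RR (owner name already skipped) with
 * `rdlen` bytes of 0x41 as RDATA into buf; returns the total length. */
size_t build_rr(uint8_t *buf, uint16_t type, uint16_t rdlen)
{
    uint8_t fixed[RR_FIXED] = { (uint8_t)(type >> 8), (uint8_t)type, 0, C_IN,
                                0, 0, 0, 60, (uint8_t)(rdlen >> 8), (uint8_t)rdlen };
    memcpy(buf, fixed, RR_FIXED);
    memset(buf + RR_FIXED, 0x41, rdlen);
    return (size_t)RR_FIXED + rdlen;
}

/* Copy the IPv4 address out of one answer RR. Returns 0 on success, or a
 * negative code naming the check that rejected the record. */
int copy_answer_addr(const uint8_t *rr, size_t len, uint16_t qtype,
                     uint8_t addr[INADDRSZ])
{
    if (len < RR_FIXED)
        return -1;                          /* truncated fixed fields */
    uint16_t type  = (uint16_t)((rr[0] << 8) | rr[1]);
    uint16_t rdlen = (uint16_t)((rr[8] << 8) | rr[9]);

    if (type != qtype)
        return -2;                          /* answer type is not what was asked */
    if (type != T_A)
        return -3;                          /* this routine only copies A data */
    if (rdlen != INADDRSZ)
        return -4;                          /* A RDATA must be exactly 4 bytes */
    if (len - RR_FIXED < rdlen)
        return -5;                          /* RDATA runs past the packet end */
    memcpy(addr, rr + RR_FIXED, INADDRSZ);  /* fixed size, never rdlen */
    return 0;
}

int main(void)
{
    uint8_t pkt[512], addr[INADDRSZ];
    size_t n = build_rr(pkt, T_A, 128);     /* the case from the thread */
    printf("PTR query, 128-byte A answer: %d\n", copy_answer_addr(pkt, n, T_PTR, addr));
    printf("A query,   128-byte A answer: %d\n", copy_answer_addr(pkt, n, T_A, addr));
    return 0;
}
```

Either check alone stops the copy in the reverse-lookup case; the length check is the one that still holds when the query really was for an A record.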

