Bugtraq mailing list archives
Flaw in DNS
From: prj () NLS NET (Phillip R. Jaenke)
Date: Mon, 6 Oct 1997 12:52:27 -0400
This is a fun little flaw, and it applies to all daemons. Even NT's pseudo-daemon.

    gw: {1} % nslookup 207.206.37.250
    Server: gw.pcimporters.com
    Address: 207.206.76.1

    Name: 127.0.0.1
    Address: 207.206.37.250

Believe it or not, this WILL resolve on most systems. 207.206.37.250 is my routed IP reserved for the other machines I have here. So, basically, I can hop on IRC as root@127.0.0.1. Doesn't do much, except for vanity.

Now, think carefully about this. What happens if I do something like this?:

    gw: {1} % nslookup 207.206.37.250
    Server: gw.pcimporters.com
    Address: 207.206.76.1

    Name: 192.168.1.1
    Address: 207.206.37.250

With a former coworker, we've seen that this WILL resolve 99% of the time. It will also cause various maladies. Hop on IRC, and it tries to send an identd request to the resolved host. It gets an unreachable. Ping the box. If it resolves, and tries to reply to the resolved address... well, let's just say it could be quite painful.

And it's dangerously easy to implement. Just add an A record for your IP that points to another. There are various ways you can do it to cause problems:

  - Unroutable IPs
  - Localhost IPs
  - ARPAs (i.e. 250.37.206.207.in-addr.arpa)
  - Invalid Names (i.e. nice.try)

-Phillip R. Jaenke [InterNIC Handle: PRJ5] (prj () nls net)
MIS Department, PC Importers, Inc.
800.319.9284, x4262
"Why do you pay tax on Spam? It's a non-food product!"
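The defensive counterpart to the records shown above is forward-confirmed reverse DNS: a daemon should only trust a reverse-lookup name if it also resolves forward to the original address, and never when the "name" is itself an IP literal. This is an added example, not code from the post; the resolver functions and zone data are constructed stand-ins modelled on the nslookup output above (the 198.51.100.x entries are hypothetical), where a real deployment would call the system resolver instead.

```python
import ipaddress

# Constructed sample DNS data modelled on the post (not real resolver output).
SAMPLE_PTR = {
    "207.206.37.250": "127.0.0.1",          # PTR answers with an IP literal, as in the post
    "207.206.76.1": "gw.pcimporters.com",   # well-behaved record
    "198.51.100.7": "mail.example.net",     # hypothetical: forward record disagrees
    "198.51.100.8": "nice.try",             # bogus name with no forward record
}
SAMPLE_A = {
    "gw.pcimporters.com": ["207.206.76.1"],
    "mail.example.net": ["198.51.100.9"],
}

def sample_ptr_lookup(ip):
    """Stand-in for a reverse (PTR) query; returns a name or None."""
    return SAMPLE_PTR.get(ip)

def sample_a_lookup(name):
    """Stand-in for a forward (A) query; returns a list of addresses."""
    return SAMPLE_A.get(name, [])

def is_ip_literal(name):
    """True if the supposed hostname is really an address such as '127.0.0.1'."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def fcrdns(ip, ptr_lookup=sample_ptr_lookup, a_lookup=sample_a_lookup):
    """Forward-confirmed reverse DNS.

    Returns (hostname, None) when the PTR name resolves forward back to ip,
    otherwise (None, reason). Callers should log and act on ip itself,
    never on an unconfirmed name.
    """
    name = ptr_lookup(ip)
    if name is None:
        return None, "no PTR record"
    name = name.rstrip(".").lower()
    if is_ip_literal(name):
        return None, "PTR names an IP literal, not a hostname"
    forward = a_lookup(name)
    if not forward:
        return None, "PTR name has no forward (A) record"
    if ip not in forward:
        return None, "forward lookup does not include the original address"
    return name, None
```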