Full Disclosure mailing list archives
Re: Exploitation of unused IPv6-capabilities
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 20 Jan 2009 14:51:03 +0100
* Sebastian Krahmer:
What do you mean by that? I looked at the glibc resolver, it might be that if getaddrinfo() does not get proper ai_family arguments of AF_INET, it will accept AAAA records. So, the application which thinks is using IPv4 DNS resolving will eventually connect using IPv6?
The original reason for using getaddrinfo was to make applications IPv6-aware. In order to push at least some traffic over IPv6, getaddrinfo implementations typically prefer IPv6 over IPv4. However, this comes into play only if the name has got an AAAA in the first place, which is still rare (except perhaps for DNS and mail servers). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Valdis . Kletnieks (Jan 19)
- Re: Exploitation of unused IPv6-capabilities TJ (Jan 25)
- Re: Exploitation of unused IPv6-capabilities Sebastian Krahmer (Jan 20)
- Re: Exploitation of unused IPv6-capabilities Florian Weimer (Jan 20)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)