Full Disclosure mailing list archives

Re: Exploitation of unused IPv6-capabilities

From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 20 Jan 2009 14:51:03 +0100

* Sebastian Krahmer:

What do you mean by that? I looked at the glibc resolver,
it might be that if getaddrinfo() does not get proper
ai_family arguments of AF_INET, it will accept AAAA records.
So, the application which thinks is using IPv4 DNS resolving
will eventually connect using IPv6?


The original reason for using getaddrinfo was to make applications
IPv6-aware.  In order to push at least some traffic over IPv6,
getaddrinfo implementations typically prefer IPv6 over IPv4.  However,
this comes into play only if the name has got an AAAA in the first
place, which is still rare (except perhaps for DNS and mail servers).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)
  - Re: Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Valdis . Kletnieks (Jan 19)
  - Re: Exploitation of unused IPv6-capabilities TJ (Jan 25)
- Re: Exploitation of unused IPv6-capabilities Sebastian Krahmer (Jan 20)
  - Re: Exploitation of unused IPv6-capabilities Florian Weimer (Jan 20)