Full Disclosure mailing list archives
Re: Semi 0day DNS Invalid Compression attack
From: Kai <kai () rhynn net>
Date: Mon, 11 Jul 2011 17:31:10 +0400
Hi,

tested on isc bind 9.7.3, on opensuse 11.4. sent a few packets to myself:

--> [1000000]: (127.0.0.1)->(127.0.0.1)
--> Done.

and named felt beautiful along the test:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 2844 named     20   0  111m  22m 2456 S    0  0.2   0:00.09 named

named -V:

BIND 9.7.3 built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include/bind' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql' '--with-dlz-ldap' '--with-gssapi' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib'

you said that packet was like
# 4500 002b 512f 4000 3411 92a9 2989 601e
so i've changed packet header to "\x45\x00\x00\x2b\x51\x2f\x40\x00\x34\x11\x92\xa9" and length to "\x00\x4a" (74, right?) but still no luck. Any thoughts?

--
Cheers,
Kai