Security Incidents mailing list archives
Re: dns attacks
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 25 Sep 2000 21:15:12 +0200
On Mon, 25 Sep 2000, M ixter wrote:
lately, I've heard some rumours, unconfirmed however, about exploitation of an overflow in nameservers different from the old one, in older bind8 versions. as I couldn't confirm this in the source, maybe finding out if there are any active exploitation attempts of this bug might help to determine if it's a valid issue... if anyone running a secure/patched bind8 name server has recently experienced the following syslog message: Sep 25 18:12:25 host named[390]: bad iquery from <ip.address> ..it'd be interesting to hear about it.
Hi Mixter, First of all, most security experts still believe there are several bind 8.2.2p5 security holes waiting to be fixed. As an example - quick and dirty security audit performed approx. 2 months ago, shown me "DNS dynamic update" code is at least unstable (well, in fact, I'm sure it can be exploited under certain cirsumstances), but it's only an optional, experimental feature. But, at this point, noone is able to confirm specific vulnerability has been found and exploited. So, I'm not denying existence of security holes in bind - and I'm not denying existence of such holes in any other product - but I'm almost sure no vulnerability is widely known in black-hat community. There were some rumours about Apache overflows recently, as well, and I guess it's only FUD. Message you're getting isn't really unusual - I strongly suggest you playing with random DNS query flooder. We used such tool, and get several messages, some of them were much more strange for mere mortals, but weren't able to crash bind, or to DoS in any other way. _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- dns attacks M ixter (Sep 25)
- Re: dns attacks Michal Zalewski (Sep 25)