oss-sec mailing list archives
Re: PowerDNS Security Advisory 2014-02
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 9 Dec 2014 09:22:28 +0100
On Tue, 9 Dec 2014 08:16:20 +0100 Peter van Dijk <peter.van.dijk () netherlabs nl> wrote:
Somebody asked me to (help him) check djbdns today, which we’ll do. Any other implementations you are interested in? I have a lab setup for this issue so I’m happy to check.
I think dnsmasq would be interesting. Don't know which servers from the proprietary world may be worth investigating.
And is this only a DoS for the attacked server or would it also allow some completely new kind of DNS reflection attack (i.e. generating a loop where every loop iteration generates a UDP packet sent to a victim)?

I’m convinced the loop could involve unwilling victims (unless they send responses that break the loop!), but I have not tried this in practice.
However that would be very interesting to know. DNS reflection attacks are a big thing, if they could be amplified with a loop on the resolver that'd almost certainly boost this issue to a whole new level.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42