Re: bind9 crash

["White Hat" <whitehat237 () gmail com>]

One thing to keep in mind:

If the bind9 server has TCP SYN cookies enabled, (It's not enabled by
default) a TCP syn half open flood probably won't work.

You can check this by sending TCP packets with a maximum segment size
> 8 in the options field of the packet.

Then examine the packets sent back to you by the bind9 server with
wireshark or similar protocol analysis tool, to determine if your MSS
value was accepted or if the remote server set it to a value < 8


On Thu, Jul 10, 2008 at 9:46 AM, Ron Gutierrez <rgutie01 () gmail com> wrote:
> I'm working on a project that requires me to find some ways to cause mayhem
> to a network.
> I'm trying to knock down a bind9 server and so far have been unsuccessful.
> I'm running it on a server with 64 mb ram so that hopefully that would make
> it easier to knock down with a small ddos attack but so far its only taking
> up 6 percent of the memory with the amount queries I've been throwing at.
>
> I'm not much a DNS guy. Do any of you guys know any bad bind configurations
> that could cause it to perform terribly to the point that it'll crash.
> Also If you know any for bind8 I could always switch to that. Thanks
>
> --
> Ron Gutierrez
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------