'Re: Dynamic DNS'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Dynamic DNS
From:       Stefan Laudat <stefan () NS ! ASIT ! RO>
Date:       1999-08-31 8:35:59
[Download RAW message or body]

> 8.2. A denial of service attack can be launched by flooding an update
> forwarder with TCP sessions containing updates that the primary
> master server will ultimately refuse due to permission problems.
> This arises due to the requirement that an update forwarder receiving
> a request via TCP use a synchronous TCP session for its forwarding
> operation.  The connection management mechanisms of [RFC1035 4.2.2]
> are sufficient to prevent large scale damage from such an attack, but
> not to prevent some queries from going unanswered during the attack.

Newest versions of BIND8 die when secondary DNS authorities (or any other hosts) \
shamelessly ask for zone transfers/updates in a mass amount,although there are some \
strongly-defined acl's. The result is a BIG DoS, rising the load average to Himalaya \
and blowing up the dns server. Bug reported already,with a short and concise (should \
I say amateurish?) bounce answer: "Hell, you can DoS a lot of services that way!". \
Just imagine DNS1.microsoft.com under heavy assault.What if the next day someone \
finds a good apache DoS and gets rejected ? Oh,I remembered. Spoofed IP packets are \
the favourites of the day, you need only to attack not to listen to the last whispers \
of a dying server. You just don't want to be logged, do you ? :>

> All Dynamic DNS services that I know of are vulnerable .
> I am not going to include code, but it is a trivial task to spoof a packet
> (UDP or TCP) with RR data in the
> format this RFC specifies.  In other words, anyone can manipulate RR
> records by sending bogus data
> because the only authentication is IP.

Good old juggernaut should be enough for that >=-). For kiddies it's reccomended to \
read RFC's and assemble packets on their own, there are a lot of packet-assembling \
tools on the Net.


--

Stefan Laudat
Data Networks Analyst
ASIT SA
----------------------------------------------------------------
Skills page http://www.tekmetrics.com/transcript.shtml?pid=30777
----------------------------------------------------------------

!07/11 PDP a ni deppart m'I  !pleH


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic