Re: Dynamic DNS "Spoofing" & IRC
From: Niels Bakker <niels=bugtraq () bakker net>
Date: Fri, 2 May 2003 17:18:52 +0200
* 0x90 () invisiblenet net (Intel Nop) [Fri 02 May 2003, 17:10 CEST]:
> This is a trivial "feature/flaw" I've been holding onto for a bit, and it's
> probably commonly known, but I haven't seen it posted anywhere, more of a
> neat little thing in taking advantage of IRC and its treatment of dyndns
> within DNS if reverse lookup is possible.
>
> By this time, your dyndns should have updated and changed your ip address to
> 127.0.0.1, and irc servers don't re-check after you've connected (so anyone
> resolving your hostname will come up with 127.0.0.1).

You can retrieve the IP address of any user on irc via the STATS L
command (the uppercase L is important).
For privacy reasons some networks (most notably Undernet but also
Freenode) have disabled this command for users that do not have IRC
Note: some countries impose serious penalties for a conspiracy to overthrow
the political system. THIS DOES NOT FIX THE VULNERABILITY.
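
The behaviour discussed in this thread, as an added example that is not part of the original posts: a server-side re-check that compares a live session's displayed hostname with the socket peer address the server recorded at connect time. DNS is modeled as two constructed snapshots, and the hostname, addresses and function names are hypothetical.

```python
import ipaddress

# Constructed DNS snapshots (documentation addresses), not real data.
DNS_AT_CONNECT = {
    "forward": {"user.dyndns.example": ["192.0.2.45"]},
    "reverse": {"192.0.2.45": "user.dyndns.example"},
}
DNS_AFTER_UPDATE = {  # the dynamic record now points at loopback
    "forward": {"user.dyndns.example": ["127.0.0.1"]},
    "reverse": {"192.0.2.45": "user.dyndns.example"},
}

def fcrdns_host(peer_ip, dns):
    """Return the PTR name only if it forward-resolves back to peer_ip."""
    name = dns["reverse"].get(peer_ip)
    if name and peer_ip in dns["forward"].get(name, []):
        return name
    return None

def accept_connection(peer_ip, dns):
    """Keep the socket peer address next to the name shown to other users."""
    host = fcrdns_host(peer_ip, dns)
    return {"peer_ip": peer_ip, "display_host": host or peer_ip}

def client_side_lookup(session, dns):
    """What another user gets by resolving the displayed hostname themselves."""
    return dns["forward"].get(session["display_host"], [])

def recheck(session, dns):
    """Re-validate a live session's display host against current DNS."""
    host = session["display_host"]
    # A session displayed by bare IP has no name to re-resolve.
    answers = dns["forward"].get(host, [host])
    findings = []
    if session["peer_ip"] not in answers:
        findings.append("hostname no longer resolves to peer address")
    if any(ipaddress.ip_address(a).is_loopback for a in answers):
        findings.append("hostname resolves to loopback")
    return findings

if __name__ == "__main__":
    s = accept_connection("192.0.2.45", DNS_AT_CONNECT)
    print("displayed host:", s["display_host"])
    print("user-side lookup later:", client_side_lookup(s, DNS_AFTER_UPDATE))
    print("server record:", s["peer_ip"], recheck(s, DNS_AFTER_UPDATE))
```
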