[1191] in bugtraq
Re: Re: COPS reporting unrestricted NFS exports under Linux
daemon@ATHENA.MIT.EDU (der Mouse)
Mon Mar 6 23:51:48 1995
Date: Mon, 6 Mar 1995 22:52:54 -0500
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: bugtraq@fc.net
>> [...] I could change some records in my DNS maps and rename my
>> machine like so:
>> 3.100.212.129.in-addr.arpa IN PTR me.foo.com
>> TO
>> 3.100.212.129.in-addr.arpa IN PTR #
> It was my understanding that recent versions of BIND do not allow
> characters like '#' in hostnames. Is Linux delivered with an old
> BIND that does?
Is that "do not allow...'#' in hostnames" as in "do not accept zone
files with such names" or "do not accept replies containing such
names"? Obviously, there is a big difference, and it seems likely to
me that the former is what was implemented, while it's the latter
that's important for our purposes here. We must assume the attacker's
entire machine is overtly hostile; it may be running a hacked bind, or
it may be using something other than bind for DNS...either way, we must
assume it can produce DNS replies containing such names.
der Mouse
mouse@collatz.mcrcim.mcgill.edu
