[17981] in bugtraq
Re: Killing ircds via DNS
daemon@ATHENA.MIT.EDU (Adam J Herscher)
Sun Dec 10 17:07:18 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.SOL.4.30.0012080824400.11560-100000@darius.engin.umich.edu>
Date: Fri, 8 Dec 2000 08:26:05 -0500
Reply-To: Adam J Herscher <ahersche@ENGIN.UMICH.EDU>
From: Adam J Herscher <ahersche@ENGIN.UMICH.EDU>
X-To: "van der Kooij, Hugo" <Hugo.van.der.Kooij@CAIW.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0012062210081.21805-100000@bastion.hugo.vanderkooij.org>
The word is that the only vulnerable ircds are ones based on the original
dalnet ircd df. Hybrid code, comstud code, etc are not affected by this
bug.
it's archaic.
On Wed, 6 Dec 2000, van der Kooij, Hugo wrote:
> On Wed, 6 Dec 2000, David Luyer wrote:
>
> > The bug is triggered by returning a 128-byte answer to an A-record query, eg,
> > a 128-byte A-record response to a reverse DNS lookup on the client IP. The
> > fix should be self-evident.
>
> I'm not that good in coding.
>
> But isn't requesting an A record a normal DNS request? (Get an IP address
> by the given name.) A reverse DNS query would be for a PTR record.
> (Getting the name by an IP address.)
>
> Hugo.
>
> --
> Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
> hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
> --------------------------------------------------------------
> This message has not been checked and may contain harmfull content.
>
