Bugtraq mailing list archives
Dynamic DNS
From: jethro () DQC ORG (Jethro Tull)
Date: Sat, 28 Aug 1999 20:08:36 -0700
The following is taken directly from RFC2136. (http://www.isi.edu/in-notes/rfc2136.txt)

--

8.1. In the absence of [RFC2137] or equivalent technology, the protocol described by this document makes it possible for anyone who can reach an authoritative name server to alter the contents of any zones on that server. This is a serious increase in vulnerability from the current technology. Therefore it is very strongly recommended that the protocols described in this document not be used without [RFC2137] or other equivalently strong security measures, e.g. IPsec.

8.2. A denial of service attack can be launched by flooding an update forwarder with TCP sessions containing updates that the primary master server will ultimately refuse due to permission problems. This arises due to the requirement that an update forwarder receiving a request via TCP use a synchronous TCP session for its forwarding operation. The connection management mechanisms of [RFC1035 4.2.2] are sufficient to prevent large scale damage from such an attack, but not to prevent some queries from going unanswered during the attack.

--

All Dynamic DNS services that I know of are vulnerable. I am not going to include code, but it is a trivial task to spoof a packet (UDP or TCP) with RR data in the format this RFC specifies. In other words, anyone can manipulate RR records by sending bogus data because the only authentication is IP.

That is all I have to say about that.

jethro

"If I had of only known, I would have been a locksmith" - Albert Einstein
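An added example, not part of the original post: a small audit that reports which zones in a name server configuration accept dynamic updates on source address alone, the condition the post describes as "the only authentication is IP". It assumes BIND 9 named.conf syntax and inspects only zone-level statements; the zone names, key name and secret are constructed placeholders.

```python
import re

# Constructed sample named.conf text (BIND 9 syntax), not taken from the post.
SAMPLE_CONF = '''
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64=="; };
zone "ip-only.example" { type master; file "ip-only.db";
    allow-update { 192.0.2.10; };        // source address is the only check
};
zone "open.example" { type master; file "open.db";
    allow-update { any; };
};
zone "signed.example" { type master; file "signed.db";
    allow-update { key "ddns-key"; };    // update must carry a valid TSIG MAC
};
zone "mixed.example" { type master; file "mixed.db";
    allow-update { key "ddns-key"; 198.51.100.0/24; };  // address path skips the key
};
zone "static.example" { type master; file "static.db"; };
'''

def _block(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == '{') - (text[i] == '}')
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit_allow_update(conf):
    """Map each zone name to 'disabled', 'key-only' or 'address-based'."""
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)  # drop comments
    results = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        name, body = m.group(1), _block(conf, m.end() - 1)
        au = re.search(r'allow-update\s*\{', body)
        if not au:
            # No allow-update: updates are off unless update-policy (key-based) is set.
            results[name] = 'key-only' if 'update-policy' in body else 'disabled'
            continue
        items = [e.strip() for e in _block(body, au.end() - 1).split(';') if e.strip()]
        if all(e == 'none' for e in items):
            results[name] = 'disabled'
        elif all(e.startswith('key ') for e in items):
            results[name] = 'key-only'
        else:
            results[name] = 'address-based'   # any non-key element admits by address
    return results
```

Zones reported as address-based are the ones to move to a key-only allow-update list, or to an update-policy statement.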