Bugtraq mailing list archives
Dynamic DNS Vulnerability
From: awacs () 3XT ORG (3xT)
Date: Mon, 30 Aug 1999 23:36:19 -0000
Sorry, hit enter in the first one thinking it would tab down. Here it is: Currently most inplementations of Dynamic DNS or "DDNS" rely upon only client IP addresses in an access list for authentication. The impact is that anyone can spoof update packets from a false source address and the server will happily accept them. I am going to include the URL to a tool that can be used to exploit the vulnerability. Hopefully vendors will strive to do what's right in a timely fasion. Spoofer Utility: http://www.3xt.org/projects Download ddns.tar.gz from there. Best Wishes, -awacs 3xT
Current thread:
- Dynamic DNS Vulnerability 3xT (Aug 30)
- <Possible follow-ups>
- Re: Dynamic DNS Vulnerability Exchange (Sep 03)