Bugtraq mailing list archives
DoS for web by failing reverse DNS?
From: shadow () DEMENTIA ORG (Derrick J Brashear)
Date: Fri, 16 Jun 2000 01:46:57 -0400
A few weeks ago I set up a VPN tunnel and tunneled 16 IP addresses onto a LAN. At the time none of these addresses reverse-resolved to anything. I noticed upon connecting to some web servers that a connection was opened and then hung forever, while others were fine. Some experimentation showed that by using a proxy in the same network where the only apparent difference was that the IP reverse-resolved to something, the requests were serviced successfully.

2 weeks ago reverse records were added for the hosts in question. As of tonight many web sites still display the "hang forever" behavior. I can verify that the correct in-addr.arpa data is being served for these addresses from the appropriate delegated name servers, and it's been verified by others around the net.

It seems that something is caching negative DNS lookups for quite some time, and as yet I have been unable to get any help from any of the sites which are exhibiting this problem in tracking down if it's some sort of local software configuration issue or some big ISP has a poorly configured name server.

Still, this seems to me to be a problem: make sure a machine won't reverse resolve by attacking its authoritative in-addr.arpa zone servers and the users of that IP address effectively can't use large portions of the web.

As of this moment, a random selection of sites never returning any data:

www.etoys.com
freshmeat.net
www.slashdot.org

Any suggestions which people might offer for tracking down this problem would be appreciated; administrators of several of the web servers to which access hangs forever have failed to reply to queries by email, so I'm stuck on how to proceed.

-D
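An added example, not part of the original post: a server-side sketch of how a reverse lookup can be kept from stalling a request, assuming the hang comes from a blocking PTR lookup in the request path (which the post suspects but does not confirm). The names `ptr_name` and `log_label`, the pool size and the TTL values are illustrative assumptions.

```python
import concurrent.futures
import socket
import time

# Lookups run in a small pool so a stalled resolver ties up a pool worker,
# never the request handler. If every worker is stalled, new lookups queue
# and still give up after `timeout`.
POOL = concurrent.futures.ThreadPoolExecutor(max_workers=8)
CACHE = {}  # ip -> (hostname or None, expiry time)


def ptr_name(ip, resolver=None, timeout=2.0, ok_ttl=3600, neg_ttl=60,
             now=time.monotonic):
    """Return the PTR name for ip, or None if the lookup fails or is too slow.

    resolver and now are injectable (an assumption of this example) so the
    behaviour can be exercised offline with a simulated slow name server.
    """
    resolver = resolver or (lambda addr: socket.gethostbyaddr(addr)[0])
    hit = CACHE.get(ip)
    if hit and hit[1] > now():
        return hit[0]
    future = POOL.submit(resolver, ip)
    try:
        name, ttl = future.result(timeout=timeout), ok_ttl
    except (concurrent.futures.TimeoutError, OSError):
        # Failure is cached only briefly, so a PTR record that is added
        # later is picked up within neg_ttl seconds rather than weeks.
        name, ttl = None, neg_ttl
    CACHE[ip] = (name, now() + ttl)
    return name


def log_label(ip, **kw):
    """Label for the access log: hostname if known, otherwise the bare IP."""
    return ptr_name(ip, **kw) or ip
```

The request is served either way; the hostname is treated as optional log decoration rather than a precondition for answering the client.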