Bugtraq mailing list archives
Fwd: tcpdump workaround against dnsloop exploit.
From: evil7 () BELLSOUTH NET (THE INFAMOUS)
Date: Wed, 3 May 2000 17:32:26 -0500
---------- Forwarded Message ----------
Subject: tcpdump workaround against dnsloop exploit.
Date: 04 May 2000 00:32:22 +0200
From: yoann () mandrakesoft com

Hi,

Here is my patch to tcpdump against the dnsloop exploit...

I really have no knowledge of DNS internals at all, so this is probably not (and this is not) the good way of preventing this. However, it works against this attack, but I hope it doesn't break anything for the printing of compressed domain names.

Please remember, this is only a workaround and might break the printing of compressed domain names in tcpdump.

--- print-domain.orig Wed May 3 23:33:13 2000 +++ print-domain.c Thu May 4 00:22:05 2000 @@ -150,6 +150,7 @@ { register u_int i; register const u_char *rp; + register const u_char *old = NULL; register int compress; i = *cp++; @@ -162,8 +163,17 @@ if (i != 0) while (i && cp < snapend) { if ((i & INDIR_MASK) == INDIR_MASK) { - cp = bp + (((i << 8) | *cp) & 0x3fff); - i = *cp++; + cp = bp + (((i << 8) | *cp) & 0x3fff); + + /* + * If we got two time the same data ptr, + * this mean we are looping. + */ + if ( cp == old) + return NULL; + old = cp; + + i = *cp++; continue; } if (fn_printn(cp, i, snapend))

--
--
Yoann http://www.mandrakesoft.com/~yoann/
It is well known that M$ products don't make a free() after a malloc(), the unix community wish them good luck for their future development.
-------------------------------------------------------
--
Bryan
Microsoft - Bringing you yesterday's technology today and breaking it along the way...
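Review bot: in the second hunk, the `cp == old` test inside the `INDIR_MASK` branch compares only against the single most recent pointer target, so it stops a pointer that resolves to the same offset twice in a row but not a cycle through two or more distinct offsets, where `cp` never equals `old` on consecutive jumps. A per-name cap on the number of indirections followed, or a requirement that each target lie strictly before the previous one, would bound the loop regardless of cycle length. Separately, `i = *cp++;` still dereferences the new `cp` before the `cp < snapend` loop condition is evaluated again, so the computed target should be checked against `snapend` before that read, and the new `return NULL` path needs callers that tolerate a NULL result.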