On Sun, 30 May 1999, Sebastian wrote: > > keywords: some dns packet decoders (sniffers, ids systems (?), dns > servers) may be vulnerable to malformed compressed domain names > inside dns packets. > > sorry aleph1, if this has already been known or posted =) > > > hi, > > as I played with the DNS RFC (1035 especially) i came up with the idea to > create malformed compressed dns domains inside the DNS packet to make it > impossible for the DNS packet decoder to decompress it, which might lead > to a denial of service attack. Another thing to remember is that it is possible to put ABSOLUTELY ANYTHING inside a DNS domain name. This includes whitespace, control characters, and even NULL. Imagine what could happen if some program did a strcmp() on the following name: rs.internic.net\0.xa.net where, of course, \0 is a null Interested readers may ponder what type of programs may be exploited with this type of attack.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:01 PDT