Sorry, hit enter in the first one thinking it would tab down. Here it is: Currently most inplementations of Dynamic DNS or "DDNS" rely upon only client IP addresses in an access list for authentication. The impact is that anyone can spoof update packets from a false source address and the server will happily accept them. I am going to include the URL to a tool that can be used to exploit the vulnerability. Hopefully vendors will strive to do what's right in a timely fasion. Spoofer Utility: http://www.3xt.org/projects Download ddns.tar.gz from there. Best Wishes, -awacs 3xT
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:00:54 PDT