Hi Andres, here Windows 98 B, mIRC v6.03 nothin happens when tryin to resolve that ip. [23:57] * Looking up 210.193.16.22 - [23:57] * Looking up 210.193.16.23 - [23:57] * Looking up 210.193.16.24 - [23:57] * Looking up 210.193.16.25 - [23:57] * Unable to resolve 210.193.16.22 - [23:57] * Looking up 210.193.16.26 - [23:57] * Unable to resolve 210.193.16.23 - [23:57] * Unable to resolve 210.193.16.24 - [23:57] * Unable to resolve 210.193.16.25 - [23:57] * Unable to resolve 210.193.16.26 - Davide Del Vecchio, Dante Alighieri danteat_private ~ www.alighieri.org aT4r InsaN3 Scrive: > While checking yesterday my snort database i found some attacks from the > host 210.193.16.22 so i began to resolve the dns from the hosts with > mirc32 and i executed the following commands in the status window: > > /dns 210.193.16.22 > /dns 210.193.16.23 > /dns 210.193.16.24 > * Looking up 210.193.16.22 > * Looking up 210.193.16.23 > * Looking up 210.193.16.24 > * Unable to resolve 210.193.16.22 > /dns 210.193.16.25 > * Looking up 210.193.16.25 > * Unable to resolve 210.193.16.23 > (** MIRC CRASH**) > > every time i tried to resolve a few ips mirc32 dies. the problem seems to > be in the WSAAsyncGetHostByName() call. > i have tested this feature in both mirc 6.01 and 6.03 in diferent > computers. SO: winxp > I cant give too many information about how to reproduce it, just try to > resolve some dns like the example. > there are some mirc scripts that resolve dns after some events like ctcps > , so maybe this bug can be used remotely as a Denial of Service. > > Windbg: > 0:004> g > ModLoad: 76ee0000 76f05000 C:\WINDOWS\System32\DNSAPI.dll > ModLoad: 76f70000 76f77000 C:\WINDOWS\System32\winrnr.dll > ModLoad: 76f20000 76f4d000 C:\WINDOWS\system32\WLDAP32.dll > ModLoad: 76f80000 76f85000 C:\WINDOWS\System32\rasadhlp.dll > (794.788): Access violation - code c0000005 (first chance) > First chance exceptions are reported before any exception handling. > This exception may be expected and handled. > eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 > edi=71a42268 > eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe > nc > cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 > efl=00010202 > *** ERROR: Symbol file could not be found. Defaulted to export symbols > for C:\WINDOWS\System32\WS2_32.dll - > WS2_32!WSAAsyncGetHostByName+407: > 71a38d72 8a10 mov dl,[eax] > ds:0023:00000000=?? > > regards > > Andres Tarascó Acuña > 3W Design Security - 2003 > > _________________________________________________________________ > MSN Compras: Veinte tiendas personales abiertas todo el día. > http://www.msn.es/compras/ >
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 15:24:46 PDT