OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: neme-dhcHUSHMAIL.COM
Date: Mon May 07 2001 - 19:35:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ Advisory for VdnsServer ]
     [ VdnsServer is sold by ZFC and Hughestech ]
     [ Site: http://www.zfc.com | www.hughesnet.net ]
     [ by nemesystm of the DHC ]
     [ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
     [ ADV-0121 ]

    /-|=[explanation]=|-\
    Virtual DNS (Vdns) allows users with DSL & ADSL type
    connections to run their own web server with their
    own domain name. It suffers from a denial of
    service.

    /-|=[who is vulnerable]=|-\
    VdnsServer 1.0
    has been tested and was vulnerable.

    /-|=[testing it]=|-\
    By opening up a connection to 6070, sending it some
    info and then cutting of the connection, Vdns goes
    into a state of "Default.Closed" and will not allow
    any other connections.

    I have made a perl script that exploits this. It is
    in the advisory that is available on the DHC site.
    http://www.emc2k.com/dhcorp/homebrew/vdns.zip

    /-|=[fix]=|-\
    Download VdnsServer 2.0
    Free, encrypted, secure Web-based email at www.hushmail.com