fernandoBN.PT

• Next message: Ghory, Zeshan A: "Re: Kill the DOG and win 100 000 DM"
• Previous message: Jon Larimer: "Re: Kill the DOG and win 100 000 DM"
• Maybe in reply to: Fabio Pietrosanti (naif): "Possible DOS in Bind 8.2.2-P5"
• Next in thread: Tomasz Grabowski: "Re: Possible DOS in Bind 8.2.2-P5"
• Maybe reply: Fernando Cardoso: "Re: Possible DOS in Bind 8.2.2-P5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just tried on RedHat 6.0. No DoS...

[rootdns1 /root]# named-xfer -z xxx.org -d 9 -f dump_dns -Z dns2 -l log.dns

[rootdns1 /root]# cat log.dns.knvl2m
domain `xxx.org'; file `dump_dns'; serial 0
zone found (2): "xxx.org", source = dump_dns
Arg: "dns2" AXFR
addrcnt = 1
getzone() xxx.org secondary
address [x.x.x.2] AXFR
connecting to server #1 [x.x.x.2].53
len = 154
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62154
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; xxx.org, type = SOA, class = IN
xxx.org. 1D IN SOA dns1. mesomewhere.pt. (
                                        200000000 ; serial
                                        8H ; refresh
                                        2H ; retry
                                        1W ; expiry
                                        1D ) ; minimum

xxx.org. 1D IN NS dns1
xxx.org. 1D IN NS dns1
dns1 1D IN A x.x.x.1
dns2 1D IN A x.x.x.2
need update, serial 200000000
send ZXFR query to x.x.x.2
bufsize = 1024
close(5) succeeded
error receiving zone transfer

[rootdns2 fernando]# tail /var/log/messages
Nov 8 11:07:56 dns2 named[309]: approved ZXFR from [x.x.x.1].1793 for
"xxx.org"
Nov 8 11:07:56 dns2 named[309]: unsupported XFR (type ZXFR) of "xxx.org"
(IN) to [x.x.x.1].1793

Fernando

_________________________________________________________
Fernando Cardoso Phone: +351 21 7982186
Network Administrator Fax: +351 21 7982185
National Library E-mail: fernandobn.pt
Portugal PGP ID: 28551CB8

>
> Hi,
> playing with bind and ZXFR feature ( zone transfer compressed
> with a possible insecure
> execlp("gzip", "gzip", NULL); ), i discovered a Denial Of
> Service against Bind 8.2.2-P5 .
>
> By default Bind 8.2.2-P5 it's not compiled with ZXFR support
> unless you define it with #define BIND_ZXFR
> so it will refuse any ZXFR transfer, because it doesn't support it.
> But now what appens? Look here...
> [...]

• Next message: Ghory, Zeshan A: "Re: Kill the DOG and win 100 000 DM"
• Previous message: Jon Larimer: "Re: Kill the DOG and win 100 000 DM"
• Maybe in reply to: Fabio Pietrosanti (naif): "Possible DOS in Bind 8.2.2-P5"
• Next in thread: Tomasz Grabowski: "Re: Possible DOS in Bind 8.2.2-P5"
• Maybe reply: Fernando Cardoso: "Re: Possible DOS in Bind 8.2.2-P5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]