« Home

Cracking MD5 passwords yourself »Hacking Cardomain and Facebook »Formatted String Exploit »A new weblog » 

DNS protocol denial of service

Published 7.26.2005 by jm | E-mail this post

E-mail this post



Remember me (?)



All personal information that you provide here will be governed by the Privacy Policy of Blogger.com. More...


This issue was identified by Dr. Steve Beaty from the Department of Mathematical and Computer Sciences at the Metropolitan State College of Denver. Many vendors include support for this protocol in their products and may be impacted to varying degrees.

The Domain Name System (DNS) protocol is an Internet service that translates domain names into Internet Protocol (IP) addresses. Because domain names are alphabetic, they're easier to remember, however the Internet is really based on IP addresses; hence every time a domain name is requested, a DNS service must translate the name into the corresponding IP address.

The vulnerability concerns the recursion process used by some DNS implementations to decompress compressed DNS messages. Under certain circumstances, it is possible to cause the DNS server to terminate abnormally.

Exploit:

The text portions of DNS messages are specified by first giving the character count, followed by the characters themselves. For example to specify 'test.test.com', the message would look like '0x04test0x04test0x03com0x00' using 16-bit numbers. From RFC1035, Section 4.1.4 "Message Compression" specifies a way to create smaller messages so that they can easily fit into a DNS UDP packet. Hence if the top two bits of the label length byte are 1, the remaining 14 bits specify an offset from the beginning of the text on where the remaining characters can be found. This way, redundant information can be removed and hence create a smaller message.

Given this type of DNS message, the most obvious method to decode it is by using recursion. However consider a message that contains a code that instructs the DNS process to go to an illegal address once the end of the string is reached; if recursion is used to decode such a message, some DNS implementation may enter into a loop and eventually exhaust the stack. If this happens, then it would be possible for the DNS service to terminate and hence cause a denial-of-service condition.

    If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .

Previous hacks

Previous Hacks



    This link kills spam


    spam IP addresses


    These are sites I block at my firewall.

    cdn2.gms1.net
    gms1.net
    servedby.advertising.com
    advertising.com
    a.tribalfusion.com
    tribalfusion.com
    pimpslord.com
    altfarm.mediaplex.com
    mediaplex.com
    ad.yeildmanager.com
    yeildmanager.com
    doubleclick.net
    isg32.casalemedia.com
    casalemedia.com

    Cost of the War in Iraq
    (JavaScript Error)

Two very recommended books:


. . The only hacking forum I have found worth mentioning here