BIND and multicast requests

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Mon Sep 20 15:59:30 CEST 2010


On Mon, 20 Sep 2010 08:23:53 -0300
Fernando Gont <fernando at gont.com.ar> wrote:

> Hi, folks,
> 
> [H D Moore, 2008] found that some versions of BIND respond to UDP-based
> requests directed to IPv6 multicast addresses.
> 
> As far as I can see, this is a bug in BIND (or am I missing something?)
> Does anybody knows if this has been fixed? Any bug report or the like
> published about this issue?
> 

The document seems to be observing it as a difference in
behaviour rather than saying what security issue it creates. I'm not
sure I can think of any sort of security issue other than an "all BIND
servers" multicast amplification attack, which would be a pretty weak
one I'd think, because there typically wouldn't be many DNS servers to
solicit responses from.

Any of the other all-scope multicast groups might be as much of or more
of an issue, if there are enough group members available within the
scope and the source address of the request is spoofed.


> Note:
> H D Moore. 2008. Exploiting Tomorrow’s Internet Today: Penetration
> Testing with IPv6. Available at: http://uninformed.org/?v=10&a=3&t=pdf
> 
> Thanks!
> 
> Kind regards,
> -- 
> Fernando Gont
> e-mail: fernando at gont.com.ar || fgont at acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> 
> 
> 
> 


More information about the ipv6-ops mailing list