DNS Internet not 4 bytes

Internet Security Systems advICE : Intrusions : 2000406
Summary

This may be a possible buffer overflow attempt.

Details

All named sites on the net must eventually be "resolved" into an IP address. This is like the site's Internet "phone number". All IP addresses are exactly 4 bytes long. However, while all IP addresses are in practice only 4 bytes long, the DNS server allows an address of any size to be transferred within the field.

A common programming mistake is to assume that a DNS server will only ever return exactly 4 bytes. A hostile intruder could create a special DNS server that returns more than this amount in a manner designed to break into your system.

This alert triggers whenever an IP address field is seen that isn't exactly 4 bytes long.
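
The length check described above, as an added example (not code from ISS or from any resolver library): a small C routine that walks a DNS response and copies an A record's address only when the record's length field is exactly 4. The function names, return codes and the two sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample responses for the name "a", one A answer each. */
#define HDR_Q 0x12,0x34,0x81,0x80, 0,1, 0,1, 0,0, 0,0, 1,'a',0, 0,1, 0,1
#define RR_A(rdlen) 0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,(rdlen)
static const uint8_t GOOD[] = { HDR_Q, RR_A(4), 192,0,2,1 };
static const uint8_t BAD[]  = { HDR_Q, RR_A(8), 65,65,65,65,65,65,65,65 };
/* Skip an encoded name; return the offset past it, or 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = m[off];
        if (c == 0) return off + 1;               /* root label ends the name */
        if ((c & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0; /* pointer */
        if (c & 0xC0) return 0;                   /* reserved label type */
        off += 1 + (size_t)c;
    }
    return 0;
}

/* 0: out[4] filled; -1: malformed; -2: A record length is not 4; -3: no A record. */
int first_a_record(const uint8_t *m, size_t len, uint8_t out[4]) {
    if (len < 12) return -1;                      /* fixed DNS header */
    unsigned qd = (m[4] << 8) | m[5], an = (m[6] << 8) | m[7];
    size_t off = 12;
    for (; qd; qd--) {                            /* skip name, type and class */
        if (!(off = skip_name(m, len, off)) || off + 4 > len) return -1;
        off += 4;
    }
    for (; an; an--) {
        if (!(off = skip_name(m, len, off)) || off + 10 > len) return -1;
        unsigned type = (m[off] << 8) | m[off + 1];
        size_t rdlen = ((size_t)m[off + 8] << 8) | m[off + 9];
        off += 10;                                /* type, class, TTL, length */
        if (rdlen > len - off) return -1;         /* data runs past the packet */
        if (type != 1) { off += rdlen; continue; }   /* not an A record */
        if (rdlen != 4) return -2;                /* the condition this alert flags */
        memcpy(out, m + off, 4);                  /* fixed size, never rdlen */
        return 0;
    }
    return -3;
}

int main(void) {
    uint8_t ip[4];
    int good = first_a_record(GOOD, sizeof GOOD, ip);
    printf("good=%d bad=%d\n", good, first_a_record(BAD, sizeof BAD, ip));
    return 0;
}
```

The copy always uses the constant 4 and the length from the wire is only compared, so an oversized address field is rejected instead of sizing the copy.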

More information

NAI Advisory: 001 - Vulnerability in Unchecked DNS Data

CVE-1999-0101 - Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

DNS - More about the DNS service.

Parametric information

length: The length of the Internet address.

 
Version appeared:  
