|
I did a test to check if powerdns could sustain a simple DOS-like attack to it. That test was to simply send a bunch of junk to the server and see if it would fail to work. That test made powerdns fail a miserable death. The resulting actions below is how I came accross the failure:dd if=/dev/urandom bs=10000000 | nc -u 192.168.0.1 53 > /dev/null
Which resulted in a lot of chatter from pdns, mostly failed queries, unknown opcodes, etc. If you test this like I did, you'll see all of it better than I could paste it.
Doing the same thing using:
dd if=/dev/urandom bs=10000000 | nc 192.168.0.1 53 > /dev/null
Which is using TCP, instead of UDP, resulted simply in:
Sep 18 15:36:12 valhalla pdns[46886]: Received an overly large question from 208.180.236.82, dropping
That concludes my bug report. Hope it helps.
Eric Renfro
|
2004-Sep-19 23:57:17 by anonymous:
Just did a quick test on my system and I found a crash in an infinite recursion in DNSPacket::expand. The following line in the method DNSPacket::expand should be changed:expand((unsigned char *)stringbuffer.c_str()+labelOffset,end,expanded,depth++);I guess "depth++" should be changed to "depth+1" here (because otherwise depth is only incremented after the recursion and the check (depth>10) will never be true).
Type: event Version: 2.9.16 Status: fixed Created: 2004-Sep-18 22:38 Severity: 1 Last Change: 2005-Jan-11 20:59 Priority: 1 Subsystem: Unknown Assigned To: Derived From: Creator: anonymous
| 2005-Jan-11 20:59 |
|
Check-in [275]: oops, I means fix for ticket #21 - original text: partial fix: the real fix is to redo the packet parsing system, which I've done, but needs to be merged. Thanks anonymous user! (by the way, I made the Exact same mistake in the completely redesigned parser, odd eh?) (By ahu) |
By anonymous on 2004-Sep-19 23:57:17
By anonymous on 2005-Jan-11 20:59:21