On Sun, Jul 13, 2008 at 2:27 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > ... > So on that note I'll be more direct. Has anyone actually preemptively > written any code or reversed this issue on their own? Or just, you > know, attempted to understand the vulnerability in detail instead of > relying on these intentionally vague advisories (dan)?
my money is currently on ICMP port unreachable combined with the predictable ports to trick vulnerable resolvers into thinking the configured nameservers are offline: http://wari.mckay.com/~rm/dns_theroy.txt you could fix this via the method described, and not imply that the ICMP was part of the vector. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
