eggdrop
eggdrop copied to clipboard
eggheads
Reverse DNS Lookup Spoofing
| Trac | Data |
|---|---|
| Ticket | 13 |
| Reported by | BarkerJr |
| Status | assigned |
| Component | Core |
| Priority | major |
| Milestone | 1.8.0 |
| Version | 1.8.0 CVS |
It turns out that Eggdrop does not check to see if the DNS is spoofed when accepting a telnet session.
Telnet connection: barkerjr.ircd/56705 Denied telnet: [email protected], No Access
Now, this would be fine if the host was actually valid for forward resolving. However...
- Dns resolved 69.50.185.193 to barkerjr.ircd
- Dns unable to resolve barkerjr.ircd
Since it's not verifying the forward DNS, this could be a problem. Reverse DNS is specified by the net-block administrator, so it can easily be invalid, by mistake or intentionally.
So, this could be a problem, as any net-block admin can spoof hostnames and telnet to your bot as a known user's hostname, rendering protect-telnet ineffective.
please. close, because CANT FIX. reasoning: http://jdebp.info/FGA/dns-avoid-double-reverse.html