Date: Mon, 30 Aug 1999 23:36:19 -0000 From: 3xT <awacs@3XT.ORG> Subject: Dynamic DNS Vulnerability To: BUGTRAQ@SECURITYFOCUS.COM Sorry, hit enter in the first one thinking it would tab down. Here it is: Currently most inplementations of Dynamic DNS or "DDNS" rely upon only client IP addresses in an access list for authentication. The impact is that anyone can spoof update packets from a false source address and the server will happily accept them. I am going to include the URL to a tool that can be used to exploit the vulnerability. Hopefully vendors will strive to do what's right in a timely fasion. Spoofer Utility: http://www.3xt.org/projects Download ddns.tar.gz from there. Best Wishes, -awacs 3xT