[Bug 1570788] Re: Makes mDNS ddos amplification attack possible
Trent Lloyd
trent.lloyd at canonical.com
Fri Apr 15 11:22:59 UTC 2016
Thanks for the report.
I was interestingly unable to reproduce this when testing, so I will dig
in further and try to determine why.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1570788
Title:
Makes mDNS ddos amplification attack possible
Status in avahi package in Ubuntu:
New
Bug description:
Apparently mDNS can be used for ddos amplification, see for instance https://mdns.shadowserver.org/ and https://www.us-cert.gov/ncas/alerts/TA14-017A
Steps to reproduce:
dig @rusk.hpc2n.umu.se -p 5353 -t ptr _services._dns-sd._udp.local
The response is supposedly 2-10 times the size of the query, making
for a moderate but noticeable amplification.
Workarounds are easy, but not responding outside localnet by default
is probably reasonable for mDNS.
Reproduced at at least trusty and precise, would be very surprised if
it didn't also apply to xenial but I left my xenial laptop at home
today. :)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: avahi-daemon 0.6.30-5ubuntu2.1
ProcVersionSignature: Ubuntu 3.13.0-83.127~precise1-generic 3.13.11-ckt35
Uname: Linux 3.13.0-83-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.0.1-0ubuntu17.13
Architecture: amd64
Date: Fri Apr 15 12:12:22 2016
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_US:en
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: avahi
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1570788/+subscriptions
More information about the foundations-bugs
mailing list