[Bug 1570788] Re: Makes mDNS ddos amplification attack possible
Marcus Karlsson
1570788 at bugs.launchpad.net
Fri Apr 15 14:40:18 UTC 2016
Apparently that wasn't the case, from another host I was able to
reproduce it with IPv4 as well.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1570788
Title:
Makes mDNS ddos amplification attack possible
Status in avahi package in Ubuntu:
New
Bug description:
Apparently mDNS can be used for ddos amplification, see for instance https://mdns.shadowserver.org/ and https://www.us-cert.gov/ncas/alerts/TA14-017A
Steps to reproduce:
dig @rusk.hpc2n.umu.se -p 5353 -t ptr _services._dns-sd._udp.local
The response is supposedly 2-10 times the size of the query, making
for a moderate but noticeable amplification.
Workarounds are easy, but not responding outside localnet by default
is probably reasonable for mDNS.
Reproduced at at least trusty and precise, would be very surprised if
it didn't also apply to xenial but I left my xenial laptop at home
today. :)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: avahi-daemon 0.6.30-5ubuntu2.1
ProcVersionSignature: Ubuntu 3.13.0-83.127~precise1-generic 3.13.11-ckt35
Uname: Linux 3.13.0-83-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.0.1-0ubuntu17.13
Architecture: amd64
Date: Fri Apr 15 12:12:22 2016
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_US:en
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: avahi
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1570788/+subscriptions
More information about the foundations-bugs
mailing list