Re: Dynamic DNS "Spoofing" & IRC

From: Markus Kovero (
Date: 05/02/03

    Date: Fri, 2 May 2003 18:26:24 +0300 (EEST)
    To: Intel Nop <>

    We have in Darkmyst ( ) this thing called hostname
    verification or something:

    21:36 [nla] ! *** Notice -- IP# Mismatch: !=[82b19f18]

    Don't know exactly how it works; it probably kills the user with a fake hostname.
    We're using some kind of modified darkhex ircd atm, and we're coding a new one
    which is in beta stage now.

    cheers and happy "vappu"-holidays; Markus Kovero

    On Thu, 1 May 2003, Intel Nop wrote:

    > This is a trivial "feature/flaw" I've been holding onto for a bit, and it's
    > probably commonly known, but I haven't seen it posted anywhere; it's more of a
    > neat little thing in taking advantage of IRC and its treatment of dyndns
    > within DNS if reverse lookup is possible.
    > IRC (Internet Relay Chat) servers, being a common ground for chat, have some
    > annoyances such as the username@ipaddress or username@domainname; some
    > people don't like that etc., since they have to use a bouncer to avoid
    > showing their own IP address or hostname to other users if they want to
    > maintain some sort of privacy.
    > Well here's a pseudo-privacy trick that can be reasonably easy to perform
    > given one has control of a dns server that performs reverse and forward
    > lookups, support for dyndns scripts, and a domain-name registered to you.
    > You can optionally use a bouncer if you want.
    > In my example, I will use the host name, a port
    > forwarding tool, a zoneedit account with my dyndns script that forward
    > resolves, and a friend's server (he/she runs an isp) that allows for me to
    > have a PTR record to the ip address "" (<-- this is a private
    > address for demo purposes) on his server as
    > Step 1) I have zoneedit script set up to tell it that my dyndns address is
    > to is, which it updates immediately and the
    > server has PTR record for as (thus
    > allowing reverse and forward lookup of
    > My portforward (say we're using datapipe.c on the box)
    > settings are datapipe 6667 6667
    > Step 2) Log into irc server on your local machine by doing a /server
    > 6667, make sure the irc server has resolved you as
    > Step 3) Run your dyndns script for zoneedit to assign your ip address as
    > whatever ip you want (in this case I'll use, then wait about a
    > minute before joining a channel.
    > By this time, your dyndns should have updated and changed your ip address to
    >, and irc servers don't re-check after you've connected (so anyone
    > resolving your hostname will come up with
    > I don't know if this is categorized as a flaw in dns or irc, or just merely
    > exploiting a feature, and this is a rather trivial trick (surely can't be
    > original and I apologize if it's been posted before).
    > A fix I think would have ircd recheck after a certain amount of time for
    > resolving properties of their dns, and I was going to say DNSSEC, but I
    > can't really see that fixing the problem unless ircd re-checks as well
    > there.
    > This "feature/flaw" could probably apply to other application protocols as
    > well that do not recheck dns properties, but I haven't taken the time to
    > come up with other practical uses for it.
    > This has been tested on most ircd server versions and all so far are victim
    > to this "hack".
    > 0x90
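The forward-confirmed reverse DNS check that the "IP# Mismatch" notice in the reply points at, together with the periodic re-check the original post proposes as a fix, as an added example that is not code from either message or from any ircd. DNS is modelled as two in-memory dicts so it runs offline; every hostname, address and zone entry below is a constructed placeholder.

```python
"""Forward-confirmed reverse DNS (FCrDNS) at connect time plus periodic
re-verification. Added example, not code from the thread or from any ircd.
DNS is modelled as two dicts so the script runs offline; all zone data,
hostnames and addresses below are constructed placeholders."""
import ipaddress
from dataclasses import dataclass

# Constructed zone data (assumptions): PTR for the reverse lookup,
# FORWARD for the A record the ircd uses to confirm it.
PTR = {"203.0.113.10": "client.example.net", "203.0.113.20": "liar.example.net"}
FORWARD = {"client.example.net": {"203.0.113.10"},
           "liar.example.net": {"198.51.100.7"}}   # PTR not confirmed by A

def ip_hex(ip: str) -> str:
    """Render an IPv4 address as the 8-hex-digit form seen in the '[82b19f18]' notice."""
    return f"{int(ipaddress.IPv4Address(ip)):08x}"

def fcrdns(ip: str, ptr=PTR, forward=FORWARD):
    """Return the PTR hostname only if its A record points back at ip, else None."""
    host = ptr.get(ip)
    if host is not None and ip in forward.get(host, set()):
        return host
    return None

@dataclass
class Client:
    ip: str
    shown_host: str   # the host part other users see in user@host

def on_connect(ip: str, ptr=PTR, forward=FORWARD) -> Client:
    """Resolve once at connect, as ircds do; fall back to the bare IP if unconfirmed."""
    return Client(ip, fcrdns(ip, ptr, forward) or ip)

def recheck(client: Client, forward=FORWARD):
    """Re-verify an already-connected client. If the forward record no longer
    points at the connecting IP (the dyndns trick from the post), revert the
    display to the bare IP and return a mismatch notice; otherwise return None."""
    if client.shown_host == client.ip:
        return None                      # nothing to confirm
    if client.ip in forward.get(client.shown_host, set()):
        return None                      # still forward-confirmed
    notice = f"IP# Mismatch: {client.shown_host} != [{ip_hex(client.ip)}]"
    client.shown_host = client.ip
    return notice

if __name__ == "__main__":
    c = on_connect("203.0.113.10")
    print(c)
    moved = {"client.example.net": {"198.51.100.7"}}   # forward record changed after connect
    print(recheck(c, forward=moved))
```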

