full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Exploitation of unused

Re: [Full-disclosure] Exploitation of unused IPv6-capabilities

From: Florian Weimer <fw_at_nospam>
Date: Tue Jan 20 2009 - 13:51:03 GMT
To: Sebastian Krahmer <krahmer@suse.de>

  • Sebastian Krahmer:

> What do you mean by that? I looked at the glibc resolver,
> it might be that if getaddrinfo() does not get proper
> ai_family arguments of AF_INET, it will accept AAAA records.
> So, the application which thinks is using IPv4 DNS resolving
> will eventually connect using IPv6?

The original reason for using getaddrinfo was to make applications IPv6-aware. In order to push at least some traffic over IPv6, getaddrinfo implementations typically prefer IPv6 over IPv4. However, this comes into play only if the name has got an AAAA in the first place, which is still rare (except perhaps for DNS and mail servers).

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/