From owner-freebsd-security Tue Apr 10 3: 9:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailgate.kechara.net (mailgate.kechara.net [62.49.139.2]) by hub.freebsd.org (Postfix) with ESMTP id C92D837B423 for ; Tue, 10 Apr 2001 03:09:33 -0700 (PDT) (envelope-from lee@kechara.net) Received: from area57 (lan-fw.kechara.net [62.49.139.3]) by mailgate.kechara.net (8.9.3/8.9.3) with SMTP id MAA27594 for ; Tue, 10 Apr 2001 12:22:57 +0100 Message-Id: <200104101122.MAA27594@mailgate.kechara.net> Date: Tue, 10 Apr 2001 11:12:24 +0100 To: freebsd-security@freebsd.org From: Lee Smallbone Subject: bind hack? Reply-To: lee@kechara.net Organization: Kechara Internet X-Mailer: Opera 5.02 build 856a X-Priority: 3 (Normal) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, This is a little puzzling. I'm running the latest in the 'series 8' BIND, but every 24-48 hours, it dies, with this on the console: (latest example) Apr 10 08:02:11 uk-ns1 /kernel: pid 84 (named), uid 0: exited on signal 10 (core dumped) A few seconds prior the the above, the IDS logged this: #20-(1-21575) DNS named iquery attempt 2001-04-10 08:02:09 UDP The odd thing is, according to Whitehats, this attack only works on pre 8.1.2 / 4.9.8? Any input would be appreciated. -- Lee Smallbone Kechara Internet lee@kechara.net www.kechara.net Tel: (01243) 869 969 Fax: (01243) 866 685 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message