Date: Tue, 10 Apr 2001 20:31:20 +1000 From: Mark.Andrews@nominum.com To: lee@kechara.net Cc: freebsd-security@freebsd.org Subject: Re: bind hack? Message-ID: <200104101031.f3AAVKT88479@drugs.dv.isc.org> In-Reply-To: Your message of "Tue, 10 Apr 2001 11:12:24 %2B0100." <200104101122.MAA27594@mailgate.kechara.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi, > > This is a little puzzling. I'm running the latest in the 'series 8' BIND, bu > t every 24-48 hours, it dies, with this on the console: > (latest example) I alway hate people saying they are running "the latest". Quite often they arn't. Precise error reports are important. What version are you running? > > Apr 10 08:02:11 uk-ns1 /kernel: pid 84 (named), uid 0: exited on signal 10 ( > core dumped) > > A few seconds prior the the above, the IDS logged this: > > #20-(1-21575) DNS named iquery attempt 2001-04-10 08:02:09 <source I > P> <box IP> UDP > > The odd thing is, according to Whitehats, this attack only works on pre 8.1. > 2 / 4.9.8? See infoleak at http://www.isc.org/products/BIND/bind-security.html > > Any input would be appreciated. > > -- > > Lee Smallbone > Kechara Internet > > lee@kechara.net > www.kechara.net > > Tel: (01243) 869 969 > Fax: (01243) 866 685 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Mark Andrews, Nominum Inc. 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@nominum.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104101031.f3AAVKT88479>