From owner-freebsd-security Tue Apr 10 4:21:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id 40BE237B422 for ; Tue, 10 Apr 2001 04:21:34 -0700 (PDT) (envelope-from marka@nominum.com) Received: from nominum.com (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.11.2/8.11.2) with ESMTP id f3ABLPT88536; Tue, 10 Apr 2001 21:21:25 +1000 (EST) (envelope-from marka@nominum.com) Message-Id: <200104101121.f3ABLPT88536@drugs.dv.isc.org> To: lee@kechara.net Cc: freebsd-security@freebsd.org From: Mark.Andrews@nominum.com Subject: Re: bind hack? In-reply-to: Your message of "Tue, 10 Apr 2001 11:40:43 +0100." <200104101151.MAA27699@mailgate.kechara.net> Date: Tue, 10 Apr 2001 21:21:25 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On inspection it would appear it has been upgraded since I installed it. The > machine > is now running 9.0.0r1, which may in part explain the problem. > > Why oh why do people not fill in maintenance logs.. If it's running 9.0.0rc1 then I suggest that you upgrade to 9.1.1. Mark > > 11/04/2001 07:31:20, Mark.Andrews@nominum.com wrote: > > >> Hi, > >> > >> This is a little puzzling. I'm running the latest in the 'series 8' BIND, > bu > >> t every 24-48 hours, it dies, with this on the console: > >> (latest example) > > > > I alway hate people saying they are running "the latest". Quite often > > they arn't. Precise error reports are important. What version are > > you running? > > > >> > >> Apr 10 08:02:11 uk-ns1 /kernel: pid 84 (named), uid 0: exited on signal 1 > 0 ( > >> core dumped) > >> > >> A few seconds prior the the above, the IDS logged this: > >> > >> #20-(1-21575) DNS named iquery attempt 2001-04-10 08:02:09 < > source I > >> P> UDP > >> > >> The odd thing is, according to Whitehats, this attack only works on pre 8 > .1. > >> 2 / 4.9.8? > > > > See infoleak at http://www.isc.org/products/BIND/bind-security.html > > > >> > >> Any input would be appreciated. > >> > >> -- > >> > >> Lee Smallbone > >> Kechara Internet > >> > >> lee@kechara.net > >> www.kechara.net > >> > >> Tel: (01243) 869 969 > >> Fax: (01243) 866 685 > >> > >> > >> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org > >> with "unsubscribe freebsd-security" in the body of the message > >-- > >Mark Andrews, Nominum Inc. > >1 Seymour St., Dundas Valley, NSW 2117, Australia > >PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@nominum.com > > > > -- > > Lee Smallbone > Kechara Internet > > lee@kechara.net > www.kechara.net > > Tel: (01243) 869 969 > Fax: (01243) 866 685 > > -- Mark Andrews, Nominum Inc. 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@nominum.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message