Date: Mon, 12 Feb 2001 16:09:53 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Scott Hyjek <SHyjek@rbmg.com> Cc: "'freebsd-questions@FreeBSD.ORG'" <freebsd-questions@FreeBSD.ORG> Subject: Re: Question: bind / named problem Message-ID: <20010212160953.A39102@mollari.cthul.hu> In-Reply-To: <C7C1A68CCDF6D311BFE000508B95B48C02E5250C@apollo.rbmg.com>; from SHyjek@rbmg.com on Mon, Feb 12, 2001 at 09:44:25AM -0500 References: <C7C1A68CCDF6D311BFE000508B95B48C02E5250C@apollo.rbmg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 12, 2001 at 09:44:25AM -0500, Scott Hyjek wrote: > Any information or guidance would be appreciated. We've experienced a > problem on our external DNS twice now (last thursday and Sunday). Name > resolution ceases and we receive the following:=20 > quentin/kernel: pid 104 (named), uid 0: exited on signal 6 (core dumped)= =20 > This server has run fine for many many months and we've only recently (as > above) encountered this problem. No hardware or software changes have > occured.=20 > Lastly, we're aware of the current Bind vulnerability and plan to upgrade= to > eliminate it. However, we'd like some guidance (if any is available) as to > how to determine if we've been exploited in such a manner. Thanks.=20 > <scott> An exploit is available and being used in the wild. You may have been attacked, it's not possible to say with certainty. Kris --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6iHtRWry0BWjoQKURAk15AJ4rOAm8tyR1beh1kAadikF+dRn4BQCeKH/f CpKuQJyg82wvl+tf7pcFvKg= =FuyP -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010212160953.A39102>