From owner-freebsd-security  Thu Jun  7 14:16:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from intense.net (server.intense.net [199.217.236.1])
	by hub.freebsd.org (Postfix) with ESMTP id 8BB8637B401
	for <freebsd-security@FreeBSD.ORG>; Thu,  7 Jun 2001 14:16:52 -0700 (PDT)
	(envelope-from bobber@intense.net)
Received: from bob ([209.248.134.245])
	by intense.net (8.8.8/8.8.8) with SMTP id QAA54563;
	Thu, 7 Jun 2001 16:16:36 -0500 (CDT)
Message-ID: <002d01c0ef97$238cbce0$6c01a8c0@mpcsecurity.com>
From: "Robert Herrold" <bobber@intense.net>
To: "Greg Haa" <Greg.Haa@amux.com>, <freebsd-security@FreeBSD.ORG>
References: <2BFD35C3F1F9D31185CE00B0D0202302838707@SUNKING>
Subject: Re: Named
Date: Thu, 7 Jun 2001 16:16:07 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Yes, that's someone trying to exploit your box using a named bug. Looks to
me like you're running a <8.2.3 REL of bind. Make sure you're running bind
8.2.3 or later. If you're not, I would recommend you get chkrootkit to
verify you haven't been rooted.
www.chkrootkit.org

Bob Herrold
Senior Network Engineer
Metropark Communications
10405 A Baur Blvd
St Louis MO 63132
(314)439-1900


----- Original Message -----
From: "Greg Haa" <Greg.Haa@amux.com>
To: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, June 07, 2001 1:37 PM
Subject: Named


> So this was in a named.core file.
>
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>BBBBBBBBBBBBBBBBBBBBBBB
> BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>BBBBBBBBBBBBBBBBBBBBBB
> BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAaa
>
> or something very similar.  Can you tel;l me what this means?
>
>
> -thanks
>
> greg.haa@amux.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message