Date: Mon, 14 May 2001 22:28:45 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: Kris Kennaway <kris@obsecurity.org>, John Baxter <jbaxter@mmcable.com>, "Dan Mahoney, System Admin" <danm@prime.gushi.org>, questions@FreeBSD.ORG
Subject: Re: onitoring named
Message-ID: <20010514222845.C95631@xor.obsecurity.org>
In-Reply-To: <006b01c0dcff$2c7dff80$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Mon, May 14, 2001 at 10:23:28PM -0700
References: <20010514200140.A93481@xor.obsecurity.org> <006b01c0dcff$2c7dff80$1401a8c0@tedm.placo.com>

On Mon, May 14, 2001 at 10:23:28PM -0700, Ted Mittelstaedt wrote:

> >Both: >95% of the reported problems with named crashes on FreeBSD
> >lists in the past 4 months have been penetration attempts, or at least
> >occurred to people running vulnerable versions of named with symptoms
> >perfectly consistent to being attacked. Therefore this is the best
> >initial diagnosis for people reporting problems with their named,
> >until they go further and rule it out by indicating that they're
> >already running 8.2.3-REL or a version of 9.x. At that point more
> >detailed analysis is obviously required (which perhaps might be better
> >carried out on the bind support mailing lists).
>
> The only problem with this statistic (assuming the 95% is
> accurate) is that for it to be a valid indicator, this would
> require that all the people having problems with bind
> did, in fact, query the FreeBSD lists first, instead of
> posting in the newsgroups or mailing lists.

Please note that I specifically did not say "95% of all people with BIND problems", I qualified the statistic by restricting it to the places I observed the data from, namely the FreeBSD lists. I would not, for example, extend this expectation to people reporting BIND problems to the BIND support list, because it's clearly a different domain. It is only a valid indicator for a) FreeBSD support lists and b) at the present time, until the trend substantially changes (maybe in 6 months or so).

Kris