Date:      Thu, 15 Mar 2001 23:28:46 -0600
From:      Christopher Farley <chris@northernbrewer.com>
To:        Eugene Lee <eugene@anime.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: I need a script.
Message-ID:  <20010315232844.A4180@northernbrewer.com>
In-Reply-To: <20010315120039.C6942@anime.net>; from eugene@anime.net on Thu, Mar 15, 2001 at 12:00:39PM -0800
References:  <3AB11A0E.EF2C79D3@pyramus.com> <20010315134930.A2780@northernbrewer.com> <20010315120039.C6942@anime.net>

Eugene Lee (eugene@anime.net) wrote:

> I had 2 crashes within a week using the stock named in 4.2-RELEASE.
> I recompiled named from the FreeBSD source, and that seems to work
> without any problems.  I'm running 'named 8.2.3-T6B'.  I wonder if
> the shipped binary has a problem.

Yes, it does. When 4.2 was released, there were no known vulnerabilities
in BIND. As of late January, there are. This is not a problem unique
to FreeBSD; it is a problem with all systems that run the BIND name
server (nearly every *nix machine).

Since BIND is so ubiquitous, this problem is ripe for widespread
exploitation. It's amazing that you immediately hear about the Anna
Kournikova virus on your local news, but the BIND vulnerabilities,
which are far more dangerous to the Internet, are not reported at all.

There have been a *lot* of complaints of nameserver crashes on this
list in the past 45 days. I don't know about you, but in my experience
BIND doesn't often crash on its own. It's likely that somebody with
malicious intent is causing the crashes. If you're lucky, the
attacks are unsuccessful and your nameserver is "just" crashing.

If you are unlucky, your machine may already be compromised. You
may one day find yourself unwittingly hosting an anonymous ftp
server for bestiality mpegs. Or maybe your computer will be a key
participant in a successful, high-profile DoS attack against
Microsoft, Time Warner, Qwest Communications, and www.whitehouse.gov.
Or perhaps your hard drive will be wiped clean by somebody
trying to cover their tracks. 

Just because you can do something does not mean that you should.
I think writing a script to restart your DNS server when it coredumps
is a VERY BAD THING.  If each named crash is an attempt on your
machine, and you've got a script to *automatically restart it*, an
attacker can launch a sustained assault against your machine. You are
giving them many more chances to be successful.

Get to the root of the problem, whatever it is.

-- 
Christopher Farley
www.northernbrewer.com
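
Added example, not part of the original message: a sketch of the alternative to an auto-restart script, which reports clusters of named crashes for investigation and never restarts anything. The syslog line format, the host name ns1, the threshold of 3 and the function names are assumptions made for this illustration; the sample log is constructed.

```shell
#!/bin/sh
# Added example: flag repeated named crashes instead of restarting named.
# Assumed crash record format (kernel message as written by syslogd):
#   <Mon> <day> <time> <host> /kernel: pid N (named), uid N: exited on signal N (core dumped)

# crash_days LOGFILE THRESHOLD
# Prints "<Mon> <day> <count>" for each day with at least THRESHOLD named crashes.
crash_days() {
    awk -v min="$2" '
        /\(named\), uid [0-9]+: exited on signal [0-9]+/ {
            day = $1 " " $2
            if (!(day in n)) order[++days] = day   # remember first-seen order
            n[day]++
        }
        END {
            for (i = 1; i <= days; i++)
                if (n[order[i]] >= min) print order[i], n[order[i]]
        }' "$1"
}

# named_verdict LOGFILE THRESHOLD
# Prints INVESTIGATE if any day reaches the threshold, otherwise OK.
named_verdict() {
    if [ -n "$(crash_days "$1" "$2")" ]; then echo INVESTIGATE; else echo OK; fi
}

# Constructed sample log (not taken from the thread).
sample_log() {
    cat <<'EOF'
Mar 12 03:14:07 ns1 /kernel: pid 214 (named), uid 0: exited on signal 11 (core dumped)
Mar 14 22:41:10 ns1 /kernel: pid 980 (named), uid 0: exited on signal 11 (core dumped)
Mar 14 22:41:55 ns1 named[1002]: starting
Mar 14 22:47:31 ns1 /kernel: pid 1002 (named), uid 0: exited on signal 11 (core dumped)
Mar 14 23:02:12 ns1 /kernel: pid 1040 (named), uid 0: exited on signal 6 (core dumped)
Mar 15 09:00:00 ns1 /kernel: pid 77 (perl), uid 1001: exited on signal 11 (core dumped)
EOF
}

# Demo run over the constructed log.
tmp=$(mktemp) && sample_log > "$tmp"
crash_days "$tmp" 3
named_verdict "$tmp" 3
rm -f "$tmp"
```
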
