From owner-freebsd-security Tue Apr 10 3:31:45 2001
Delivered-To: freebsd-security@freebsd.org
Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236])
    by hub.freebsd.org (Postfix) with ESMTP id 962A337B423
    for ; Tue, 10 Apr 2001 03:31:37 -0700 (PDT)
    (envelope-from marka@nominum.com)
Received: from nominum.com (localhost.dv.isc.org [127.0.0.1])
    by drugs.dv.isc.org (8.11.2/8.11.2) with ESMTP id f3AAVKT88479;
    Tue, 10 Apr 2001 20:31:22 +1000 (EST)
    (envelope-from marka@nominum.com)
Message-Id: <200104101031.f3AAVKT88479@drugs.dv.isc.org>
To: lee@kechara.net
Cc: freebsd-security@freebsd.org
From: Mark.Andrews@nominum.com
Subject: Re: bind hack?
In-reply-to: Your message of "Tue, 10 Apr 2001 11:12:24 +0100." <200104101122.MAA27594@mailgate.kechara.net>
Date: Tue, 10 Apr 2001 20:31:20 +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hi,
>
> This is a little puzzling. I'm running the latest in the 'series 8' BIND,
> but every 24-48 hours, it dies, with this on the console:
> (latest example)

I always hate people saying they are running "the latest". Quite often
they aren't. Precise error reports are important.

What version are you running?

>
> Apr 10 08:02:11 uk-ns1 /kernel: pid 84 (named), uid 0: exited on signal 10 (core dumped)
>
> A few seconds prior to the above, the IDS logged this:
>
> #20-(1-21575) DNS named iquery attempt 2001-04-10 08:02:09 P> UDP
>
> The odd thing is, according to Whitehats, this attack only works on pre
> 8.1.2 / 4.9.8?

See infoleak at http://www.isc.org/products/BIND/bind-security.html

>
> Any input would be appreciated.
>
> --
>
> Lee Smallbone
> Kechara Internet
>
> lee@kechara.net
> www.kechara.net
>
> Tel: (01243) 869 969
> Fax: (01243) 866 685
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: Mark.Andrews@nominum.com