From owner-freebsd-security Tue Apr 10 3:37:59 2001
Message-Id: <200104101151.MAA27699@mailgate.kechara.net>
Date: Tue, 10 Apr 2001 11:40:43 +0100
To: Mark.Andrews@nominum.com
Cc: freebsd-security@freebsd.org
From: Lee Smallbone
Subject: Re: bind hack?
Reply-To: lee@kechara.net
Organization: Kechara Internet

On inspection it would appear it has been upgraded since I installed it.
The machine is now running 9.0.0r1, which may in part explain the problem.

Why oh why do people not fill in maintenance logs..

11/04/2001 07:31:20, Mark.Andrews@nominum.com wrote:

>> Hi,
>>
>> This is a little puzzling. I'm running the latest in the 'series 8' BIND, but
>> every 24-48 hours, it dies, with this on the console:
>> (latest example)
>
> I always hate people saying they are running "the latest". Quite often
> they aren't. Precise error reports are important. What version are
> you running?
>
>>
>> Apr 10 08:02:11 uk-ns1 /kernel: pid 84 (named), uid 0: exited on signal 10 (core dumped)
>>
>> A few seconds prior to the above, the IDS logged this:
>>
>> #20-(1-21575) DNS named iquery attempt 2001-04-10 08:02:09 > P> UDP
>>
>> The odd thing is, according to Whitehats, this attack only works on pre 8.1.2 / 4.9.8?
>
> See infoleak at http://www.isc.org/products/BIND/bind-security.html
>
>>
>> Any input would be appreciated.
>>
>> --
>>
>> Lee Smallbone
>> Kechara Internet
>>
>> lee@kechara.net
>> www.kechara.net
>>
>> Tel: (01243) 869 969
>> Fax: (01243) 866 685
>
> --
> Mark Andrews, Nominum Inc.
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@nominum.com

--
Lee Smallbone
Kechara Internet

lee@kechara.net
www.kechara.net

Tel: (01243) 869 969
Fax: (01243) 866 685