From owner-freebsd-questions  Mon Feb 12  6:43: 5 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hercules.rbmg.com (unknown [207.243.236.14])
	by hub.freebsd.org (Postfix) with ESMTP id 70EC737B4EC
	for <freebsd-questions@FreeBSD.ORG>; Mon, 12 Feb 2001 06:42:58 -0800 (PST)
Received: by hercules.rbmg.com with Internet Mail Service (5.5.2653.19)
	id <D0055LP9>; Mon, 12 Feb 2001 09:44:26 -0500
Message-ID: <C7C1A68CCDF6D311BFE000508B95B48C02E5250C@apollo.rbmg.com>
From: Scott Hyjek <SHyjek@rbmg.com>
To: "'freebsd-questions@FreeBSD.ORG'" <freebsd-questions@FreeBSD.ORG>
Subject: Question: bind / named problem
Date: Mon, 12 Feb 2001 09:44:25 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C09502.4BBD1510"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C09502.4BBD1510
Content-Type: text/plain;
	charset="iso-8859-1"

Any information or guidance would be appreciated. We've experienced a
problem on our external DNS twice now (last thursday and Sunday). Name
resolution ceases and we receive the following: 
quentin/kernel: pid 104 (named), uid 0: exited on signal 6 (core dumped) 
This server has run fine for many many months and we've only recently (as
above) encountered this problem. No hardware or software changes have
occured. 
Lastly, we're aware of the current Bind vulnerability and plan to upgrade to
eliminate it. However, we'd like some guidance (if any is available) as to
how to determine if we've been exploited in such a manner. Thanks. 
<scott>

Scott Hyjek
"Little Man...Big Attitude"
Network Engineering
803-741-3101


------_=_NextPart_001_01C09502.4BBD1510
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>Question: bind / named problem</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2 FACE=3D"Arial">Any information or guidance would be =
appreciated. We've experienced a problem on our external DNS twice now =
(last thursday and Sunday). Name resolution ceases and we receive the =
following:</FONT><FONT FACE=3D"Times New Roman"> </FONT></P>

<P><FONT SIZE=3D2 FACE=3D"Arial">quentin/kernel: pid 104 (named), uid =
0: exited on signal 6 (core dumped)</FONT><FONT FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">This server has run fine for many =
many months and we've only recently (as above) encountered this =
problem. No hardware or software changes have occured.</FONT> </P>

<P><FONT SIZE=3D2 FACE=3D"Arial">Lastly, we're aware of the current =
Bind vulnerability and plan to upgrade to eliminate it. However, we'd =
like some guidance (if any is available) as to how to determine if =
we've been exploited in such a manner. Thanks.</FONT><FONT =
FACE=3D"Times New Roman"> </FONT></P>

<P><FONT SIZE=3D2 FACE=3D"Arial">&lt;scott&gt;</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">Scott Hyjek</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">&quot;Little Man...Big =
Attitude&quot;</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Network Engineering</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">803-741-3101</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C09502.4BBD1510--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message