From owner-freebsd-security Thu Jun 7 12:34:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from q.closedsrc.org (ip233.gte15.rb1.bel.nwlink.com [209.20.244.233]) by hub.freebsd.org (Postfix) with ESMTP id CFDBB37B403 for ; Thu, 7 Jun 2001 12:34:09 -0700 (PDT) (envelope-from lplist@closedsrc.org) Received: by q.closedsrc.org (Postfix, from userid 1003) id DD64E55407; Thu, 7 Jun 2001 12:22:25 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by q.closedsrc.org (Postfix) with ESMTP id CD85D51610; Thu, 7 Jun 2001 12:22:25 -0700 (PDT) Date: Thu, 7 Jun 2001 12:22:25 -0700 (PDT) From: Linh Pham To: Greg Haa Cc: "'freebsd-security@FreeBSD.ORG'" Subject: Re: Named In-Reply-To: <2BFD35C3F1F9D31185CE00B0D0202302838707@SUNKING> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2001-06-07, Greg Haa scribbled: # So this was in a named.core file. # # AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>BBBBBBBBBBBBBBBBBBBBBBB # BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB # AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>BBBBBBBBBBBBBBBBBBBBBB # BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBAAAAAAAAAAAAAAAAAAaa Could you include a snippet of your syslog? Just do 'more /var/log/messages' and see if there are any errors with 'named' listed. Also, do you know which version of BIND (ie: named) you are running? You can find out by running 'named -v'. It it's not 8.2.3-REL or 9.x.x then you should upgrade it to at least 8.2.3-REL (9.1.x preferred of course). It could be that you are getting hacked by a known security bug in earlier versions of BIND. -- Linh Pham [lplist@closedsrc.org] // 404b - Brain not found To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message