From owner-freebsd-isp Fri May 1 19:41:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA16613 for freebsd-isp-outgoing; Fri, 1 May 1998 19:41:15 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from iectech.com (netgate.iectech.com [198.136.226.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA16594; Fri, 1 May 1998 19:41:11 -0700 (PDT) (envelope-from CPELTIER@iectech.com) Received: by netgate.iectech.com id <6196>; Fri, 1 May 1998 18:14:45 -0400 From: Chris Peltier To: "'William Wong'" Cc: "'freebsd-questions@FreeBSD.ORG'" , "'freebsd-isp@FreeBSD.ORG'" Subject: RE: named catching sig 11's Date: Fri, 1 May 1998 22:24:41 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.837.3 Message-Id: <98May1.181445edt.6196@netgate.iectech.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I suspect that it is the CNAME recursion bug that is being exploited. Our primary name server's processor usage logged heavy CPU activity and gobbled up all available memory over a several hour period. Our secondary with much less memory died within 30 minutes of the attack. I here this exploit is going around. Sincerely, Chris Peltier * email: CPeltier@NetCarrier.com * voice: 215-257-4917 * FAX: 215-257-4916 >---------- >From: William Wong[SMTP:wwong@wiley.csusb.edu] >Sent: Friday, May 01, 1998 8:24 PM >To: freebsd-questions@FreeBSD.ORG >Subject: named catching sig 11's > > >Hi all, > >All of a sudden our DNS servers are catching sig 11's, primary as well >as >secondaries. Any clue as to what's going on? These machines are >running >2.2.5-stable's. Other DNS servers on different subnets are >experiencing >the same symptoms. > >-- >William Wong >wwong@wiley.csusb.edu > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message