Date:      Thu, 12 Apr 2001 14:53:53 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Mark.Andrews@nominum.com
Cc:        lee@kechara.net, freebsd-security@freebsd.org
Subject:   Re: bind hack?
Message-ID:  <20010412145353.E90025@mail.webmonster.de>
In-Reply-To: <200104101121.f3ABLPT88536@drugs.dv.isc.org>; from Mark.Andrews@nominum.com on Tue, Apr 10, 2001 at 09:21:25PM +1000
References:  <200104101151.MAA27699@mailgate.kechara.net> <200104101121.f3ABLPT88536@drugs.dv.isc.org>

why not upgrade to djbdns and get rid of all that "what's scriptkiddie's
favourite bind exploit of the day" problems?
http://cr.yp.to/djbdns.html
http://www.djbdns.org/

the learning curve seems steep but if you understand the concept and
have your first configuration running, it works like a charm (and is
performant, too)

/k

Mark.Andrews@nominum.com(Mark.Andrews@nominum.com)@2001.04.10 21:21:25 +0000:
> 
> > On inspection it would appear it has been upgraded since I installed it. The machine
> > is now running 9.0.0r1, which may in part explain the problem.
> > 
> >  Why oh why do people not fill in maintenance logs..
> 
> 	If it's running 9.0.0rc1 then I suggest that you upgrade to
> 	9.1.1.
> 
> 	Mark
> > 
> > 11/04/2001 07:31:20, Mark.Andrews@nominum.com wrote:
> > 
> > >> Hi,
> > >> 
> > >>  This is a little puzzling. I'm running the latest in the 'series 8' BIND,
> > >> but every 24-48 hours, it dies, with this on the console:
> > >>  (latest example)
> > >
> > >	I always hate people saying they are running "the latest".  Quite often
> > >	they aren't.  Precise error reports are important.  What version are
> > >	you running?
> > >
> > >> 
> > >>  Apr 10 08:02:11 uk-ns1 /kernel: pid 84 (named), uid 0: exited on signal 10 (core dumped)
> > >> 
> > >>  A few seconds prior to the above, the IDS logged this:
> > >> 
> > >> #20-(1-21575)	DNS named iquery attempt	2001-04-10 08:02:09   <source IP>	<box IP>		UDP
> > >> 
> > >>  The odd thing is, according to Whitehats, this attack only works on pre 8.1.2 / 4.9.8?
> > >	
> > >	See infoleak at http://www.isc.org/products/BIND/bind-security.html
> > >
> > >> 
> > >>  Any input would be appreciated.
> > >> 
> > >> --
> > >> 
> > >> Lee Smallbone
> > >> Kechara Internet
> > >> 
> > >> lee@kechara.net
> > >> www.kechara.net 
> > >> 
> > >> Tel: (01243) 869 969
> > >> Fax: (01243) 866 685
> > >> 
> > >> 
> > >> 
> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >> with "unsubscribe freebsd-security" in the body of the message
> > >--
> > >Mark Andrews, Nominum Inc.
> > >1 Seymour St., Dundas Valley, NSW 2117, Australia
> > >PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@nominum.com
> > >
> > 
> > --
> > 
> > Lee Smallbone
> > Kechara Internet
> > 
> > lee@kechara.net
> > www.kechara.net 
> > 
> > Tel: (01243) 869 969
> > Fax: (01243) 866 685
> > 
> > 
> --
> Mark Andrews, Nominum Inc.
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@nominum.com
> 

-- 
> If it ain't broke, overclock it!
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
