Date: Thu, 22 Feb 2001 15:37:58 -0500 (EST) From: "Michael Richards" <michael@fastmail.ca> To: Cy.Schubert@uumail.gov.bc.ca Cc: freebsd-security@FreeBSD.ORG Subject: Re: Bind problems Message-ID: <3A9578A6.000055.93744@frodo.searchcanada.ca>
next in thread | raw e-mail | index | archive | help
Hi.
Within minutes of discovering that the version of bind was
compromised, it was shut down and an onsite person booted the system
from a disk and ran tripwire. Nothing odd. I've been monitoring via
the firewall and paying close attention to that machine and there is
nothing out of the ordinary going on with it. I have a feeling that
people were trying a linux specific exploit and that was merely
causing bind to crash.
-Michael
> I wouldn't be surprised if your system has already been hacked.
> 8.2.3-REL has fixed all known (to ISC) security holes. All
> previous versions of BIND are vulnerable. If I (taking my
> manager's hat off and putting my security officer's hat on) were
> you I'd do the prudent thing, which is to verify the system was
> not already hacked or otherwise consider the system suspect until
> I can prove it otherwise.
_________________________________________________________________
http://fastmail.ca/ - Fast Free Web Email for Canadians
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A9578A6.000055.93744>