From owner-freebsd-security Thu Feb 22 12:38:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.interchange.ca (ns.interchange.ca [216.126.79.2])
    by hub.freebsd.org (Postfix) with ESMTP id 4BC3437B491
    for ; Thu, 22 Feb 2001 12:38:22 -0800 (PST)
    (envelope-from michael@fastmail.ca)
Received: by mail.interchange.ca (Fastmailer, from userid 555)
    id 7627120CC; Thu, 22 Feb 2001 15:37:58 -0500 (EST)
MIME-Version: 1.0
Message-Id: <3A9578A6.000055.93744@frodo.searchcanada.ca>
Content-Type: Multipart/Mixed; boundary="------------Boundary-00=_ANE6GR72Q7BNTT4D7TH0"
To: Cy.Schubert@uumail.gov.bc.ca
Subject: Re: Bind problems
Cc: freebsd-security@FreeBSD.ORG
From: "Michael Richards"
X-Fastmail-IP: 24.156.176.65
Date: Thu, 22 Feb 2001 15:37:58 -0500 (EST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

Within minutes of discovering that the version of bind was compromised,
it was shut down and an onsite person booted the system from a disk and
ran tripwire. Nothing odd. I've been monitoring via the firewall and
paying close attention to that machine and there is nothing out of the
ordinary going on with it.

I have a feeling that people were trying a linux specific exploit and
that was merely causing bind to crash.

-Michael

> I wouldn't be surprised if your system has already been hacked.
> 8.2.3-REL has fixed all known (to ISC) security holes. All
> previous versions of BIND are vulnerable. If I (taking my
> manager's hat off and putting my security officer's hat on) were
> you I'd do the prudent thing, which is to verify the system was
> not already hacked or otherwise consider the system suspect until
> I can prove it otherwise.