From owner-freebsd-security Tue Jan 30 18:42: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.org (adsl-64-169-104-72.dsl.lsan03.pacbell.net [64.169.104.72]) by hub.freebsd.org (Postfix) with ESMTP id 6222037B698 for ; Tue, 30 Jan 2001 18:41:46 -0800 (PST) Received: by obsecurity.org (Postfix, from userid 1000) id CBA4BBA2B4; Tue, 30 Jan 2001 18:42:16 -0800 (PST) Date: Tue, 30 Jan 2001 18:42:16 -0800 From: Kris Kennaway To: David La Croix Cc: freebsd-security@FreeBSD.ORG Subject: Re: Bind: unapproved query (version.bind) Script kiddies? Message-ID: <20010130184216.G54217@xor.obsecurity.org> References: <200101302245.RAA12443@cowpie.acm.vt.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="7LkOrbQMr4cezO2T" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200101302245.RAA12443@cowpie.acm.vt.edu>; from dlacroix@cowpie.acm.vt.edu on Tue, Jan 30, 2001 at 04:45:04PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --7LkOrbQMr4cezO2T Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 30, 2001 at 04:45:04PM -0600, David La Croix wrote: > I just noticed the following in my logfiles: (/var/log/messages) >=20 > it was running Bind 8.2.2- >=20 > Jan 26 22:37:43 mildred named[41908]: unapproved query from [208.44.147.1= 1].1584 > for "version.bind" > [repeat 23 more times from the same IP] Yes, they're querying you for the version of BIND you're running. Since 8.2.2 is vulnerable I suggest you update ASAP. Kris --7LkOrbQMr4cezO2T Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6d3uIWry0BWjoQKURAnF4AKDVWHzgG/m2egHi2h30gbIi6S+IEwCeLUnX mMRMa1L9CzAkRuAgjlfzGlc= =TMMB -----END PGP SIGNATURE----- --7LkOrbQMr4cezO2T-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message