From owner-freebsd-isp Tue Apr 3 21:45:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 84CA237B71C for ; Tue, 3 Apr 2001 21:45:32 -0700 (PDT) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.11.2/8.11.2) id f344jVV53660 for freebsd-isp@FreeBSD.ORG.AVP; Wed, 4 Apr 2001 06:45:31 +0200 (CEST) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.11.2/8.11.2) with UUCP id f344jVB53654 for freebsd-isp@FreeBSD.ORG; Wed, 4 Apr 2001 06:45:31 +0200 (CEST) (envelope-from leifn@neland.dk) Received: from gina ([192.168.5.100]) by arnold.neland.dk (8.11.3/8.11.0) with SMTP id f344j5u06556 for ; Wed, 4 Apr 2001 06:45:05 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <016601c0bcc2$1768df00$6405a8c0@neland.dk> Reply-To: "Leif Neland" From: "Leif Neland" To: References: Subject: Re: Named Keep crashing. Date: Wed, 4 Apr 2001 06:45:35 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by ns.internet.dk id f344jVB53654 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is there any way to trace who is doing it? Running tcpdump with certain filter settings to avoid logging everything and filling the disk? Leif ----- Original Message ----- From: "Forrest W. Christian" To: "David Rhodus" Cc: Sent: Tuesday, April 03, 2001 12:53 PM Subject: Re: Named Keep crashing. > Yes, and do it now. > > You are being attcked. If you were running linux you'd already have been > rooted. > > What is happening is someone is trying to use a linux-specific attack for > bind and bind is exiting with an error because the linux binary that the > attacker is (successfully) trying to get you to run isn't exactly > compatible with freebsd. > > On Tue, 3 Apr 2001, David Rhodus wrote: > > > Date: Tue, 3 Apr 2001 06:53:24 -0400 > > From: David Rhodus > > To: freebsd-isp@FreeBSD.ORG > > Subject: Named Keep crashing. > > > > It seems as if about every moring I wake up named is not running. It has crashed during the day also, but now it seems every morning. > > Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 ( > > core dumped) > > Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps > > Do I need to install a new version on bind ? > > > > > > > > David Rhodus > > 859-626-1161 > > 859-527-9688 Pager > > sdrhodus@wildcatblue.com > > > > - Forrest W. Christian (forrestc@imach.com) AC7DE > ---------------------------------------------------------------------- > iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com > Solutions for your high-tech problems. (406)-442-6648 > ---------------------------------------------------------------------- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message