From owner-freebsd-questions  Mon May 14 20: 1:45 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-32.dsl.lsan03.pacbell.net [63.207.60.32])
	by hub.freebsd.org (Postfix) with ESMTP id 160C937B43E
	for <questions@FreeBSD.ORG>; Mon, 14 May 2001 20:01:42 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 25D3966D87; Mon, 14 May 2001 20:01:41 -0700 (PDT)
Date: Mon, 14 May 2001 20:01:40 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: Kris Kennaway <kris@obsecurity.org>,
	John Baxter <jbaxter@mmcable.com>,
	"Dan Mahoney, System Admin" <danm@prime.gushi.org>,
	questions@FreeBSD.ORG
Subject: Re: onitoring named
Message-ID: <20010514200140.A93481@xor.obsecurity.org>
References: <20010514025811.A32800@xor.obsecurity.org> <001201c0dce7$821145a0$1401a8c0@tedm.placo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <001201c0dce7$821145a0$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Mon, May 14, 2001 at 07:34:04PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, May 14, 2001 at 07:34:04PM -0700, Ted Mittelstaedt wrote:

> I'm not sure if your agreeing that this is the most commonly given answer,
> or your stating that most nameserver problems are a result of crack
> attempts.

Both: >95% of the reported problems with named crashes on FreeBSD
lists in the past 4 months have been penetration attempts, or at least
occurred to people running vulnerable versions of named with symptoms
perfectly consistent to being attacked.  Therefore this is the best
initial diagnosis for people reporting problems with their named,
until they go further and rule it out by indicating that they're
already running 8.2.3-REL or a version of 9.x.  At that point more
detailed analysis is obviously required (which perhaps might be better
carried out on the bind support mailing lists).

> Maybe we ought to tell the next person who complains that their
> nameserver is crashing, that this means their ram is bad and to go
> replace it all. ;-)

Well, that's also a possible explanation, but not the most likely one.

Kris

--J/dobhs11T7y2rNN
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7AJwTWry0BWjoQKURAi6kAJ44knTii3iu/7ddD97fbo39ENTbZQCg7KQc
yitCQXpuThP67TuE1QNx38U=
=bAMJ
-----END PGP SIGNATURE-----

--J/dobhs11T7y2rNN--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message