From owner-freebsd-questions Mon May 14 20: 1:45 2001 Delivered-To: freebsd-questions@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-32.dsl.lsan03.pacbell.net [63.207.60.32]) by hub.freebsd.org (Postfix) with ESMTP id 160C937B43E for ; Mon, 14 May 2001 20:01:42 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 25D3966D87; Mon, 14 May 2001 20:01:41 -0700 (PDT) Date: Mon, 14 May 2001 20:01:40 -0700 From: Kris Kennaway To: Ted Mittelstaedt Cc: Kris Kennaway , John Baxter , "Dan Mahoney, System Admin" , questions@FreeBSD.ORG Subject: Re: onitoring named Message-ID: <20010514200140.A93481@xor.obsecurity.org> References: <20010514025811.A32800@xor.obsecurity.org> <001201c0dce7$821145a0$1401a8c0@tedm.placo.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001201c0dce7$821145a0$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Mon, May 14, 2001 at 07:34:04PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, May 14, 2001 at 07:34:04PM -0700, Ted Mittelstaedt wrote: > I'm not sure if your agreeing that this is the most commonly given answer, > or your stating that most nameserver problems are a result of crack > attempts. Both: >95% of the reported problems with named crashes on FreeBSD lists in the past 4 months have been penetration attempts, or at least occurred to people running vulnerable versions of named with symptoms perfectly consistent to being attacked. Therefore this is the best initial diagnosis for people reporting problems with their named, until they go further and rule it out by indicating that they're already running 8.2.3-REL or a version of 9.x. At that point more detailed analysis is obviously required (which perhaps might be better carried out on the bind support mailing lists). > Maybe we ought to tell the next person who complains that their > nameserver is crashing, that this means their ram is bad and to go > replace it all. ;-) Well, that's also a possible explanation, but not the most likely one. Kris --J/dobhs11T7y2rNN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7AJwTWry0BWjoQKURAi6kAJ44knTii3iu/7ddD97fbo39ENTbZQCg7KQc yitCQXpuThP67TuE1QNx38U= =bAMJ -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message