Date: Mon, 14 May 2001 22:28:45 -0700
From: Kris Kennaway
To: Ted Mittelstaedt
Cc: Kris Kennaway, John Baxter, "Dan Mahoney, System Admin", questions@FreeBSD.ORG
Subject: Re: onitoring named
Message-ID: <20010514222845.C95631@xor.obsecurity.org>
References: <20010514200140.A93481@xor.obsecurity.org> <006b01c0dcff$2c7dff80$1401a8c0@tedm.placo.com>
In-Reply-To: <006b01c0dcff$2c7dff80$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Mon, May 14, 2001 at 10:23:28PM -0700

On Mon, May 14, 2001 at 10:23:28PM -0700, Ted Mittelstaedt wrote:

> >Both: >95% of the reported problems with named crashes on FreeBSD
> >lists in the past 4 months have been penetration attempts, or at least
> >occurred to people running vulnerable versions of named with symptoms
> >perfectly consistent to being attacked. Therefore this is the best
> >initial diagnosis for people reporting problems with their named,
> >until they go further and rule it out by indicating that they're
> >already running 8.2.3-REL or a version of 9.x. At that point more
> >detailed analysis is obviously required (which perhaps might be better
> >carried out on the bind support mailing lists).
>
> The only problem with this statistic (assuming the 95% is
> accurate) is that for it to be a valid indicator, this would
> require that all the people having problems with bind
> did, in fact, query the FreeBSD lists first, instead of
> posting in the newsgroups or mailing lists.

Please note that I specifically did not say "95% of all people with
BIND problems", I qualified the statistic by restricting it to the
places I observed the data from, namely the FreeBSD lists. I would
not, for example, extend this expectation to people reporting BIND
problems to the BIND support list, because it's clearly a different
domain. It is only a valid indicator for a) FreeBSD support lists and
b) at the present time, until the trend substantially changes (maybe
in 6 months or so).

Kris