Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 May 1998 15:29:28 -0700 (PDT)
From:      michael@blueneptune.com
To:        freebsd-isp@FreeBSD.ORG
Cc:        mmoran@veronet.net, dyson@FreeBSD.ORG, batie@agora.rdrop.com, LutzRab@omc.net, robseco@moat.teksupport.net.au
Subject:   Re: Named disappeared
Message-ID:  <199805012229.PAA01307@rainey.blueneptune.com>
In-Reply-To: <199805012109.HAA01689@moat.teksupport.net.au> from "Rob Secombe" at May 2, 98 07:29:09 am
next in thread | previous in thread | raw e-mail | index | archive | help 

> We also had two of our nameservers, one in Melbourne and one in Canberra go
> down within seconds of each other. 
> 
> May  1 19:51:29 canberra /kernel: pid 70: named: uid 0: exited on signal 11
> May  1 19:51:32 wizard /kernel.256: pid 70 (named), uid 0: exited on signal 11 
> 
> This appears a global problem.


This looks more and more like somebody out there is launching a large-scale
attack against the security problems outlined in the recent CERT advisory.
Unless I'm reading the advisory wrong, a "signal 11" crash is certainly one
of the possible outcomes of somebody hitting your nameservers with an exploit
directed at these problems.

Here are the URLs again, giving the CERT advisory, and the page from which
you can download the latest BIND, either 4.* or 8.*, depending on your
preferences:

    http://www.cert.org/advisories/CA-98.05.bind_problems.html
    http://www.isc.org/new-bind.html

I upgraded all of our servers, which were running an embarassingly old
version of named (and FreeBSD), to use the new 4.9.7, with little effort
at all.  No configuration changes were needed, just unpack, build and
install as instructed.  It couldn't have been much simpler.  [I'd also
recommend that if you are currently running 4.*, that you upgrade first
to 4.9.7 to protect against the problems, then upgrade to 8.* at your
leisure, if you want.]


-- 
Michael Bryan
michael@blueneptune.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805012229.PAA01307>