Date: Thu, 15 Mar 2001 23:28:46 -0600
From: Christopher Farley <chris@northernbrewer.com>
To: Eugene Lee <eugene@anime.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: I need a script.
Message-ID: <20010315232844.A4180@northernbrewer.com>
In-Reply-To: <20010315120039.C6942@anime.net>; from eugene@anime.net on Thu, Mar 15, 2001 at 12:00:39PM -0800
References: <3AB11A0E.EF2C79D3@pyramus.com> <20010315134930.A2780@northernbrewer.com> <20010315120039.C6942@anime.net>

Eugene Lee (eugene@anime.net) wrote:

> I had 2 crashes within a week using the stock named in 4.2-RELEASE.
> I recompiled named from the FreeBSD source, and that seems to work
> without any problems. I'm running 'named 8.2.3-T6B'. I wonder if
> the shipped binary has a problem.

Yes, it does. When 4.2 was released, there were no known vulnerabilities in BIND. As of late January, there are. This is not a problem unique to FreeBSD, it is a problem with all systems that run the BIND name server (nearly every *nix machine). Since BIND is so ubiquitous, this problem is ripe for widespread exploitation.

It's amazing that you immediately hear about the Anna Kournikova virus on your local news, but the BIND vulnerabilities, which are far more dangerous to the Internet, are not reported at all.

There have been a *lot* of complaints of nameserver crashes on this list in the past 45 days. I don't know about you, but in my experience BIND doesn't often crash on its own. It's likely that somebody with malicious intent is causing the crashes.

If you're lucky, the attacks are unsuccessful and your nameserver is "just" crashing. If you are unlucky, your machine may already be compromised. You may one day find yourself unwittingly hosting an anonymous ftp server for bestiality mpegs. Or maybe your computer will be a key participant in a successful, high-profile DoS attack against Microsoft, Time Warner, Qwest Communications, and www.whitehouse.gov. Or perhaps your hard drive will be wiped clean by somebody trying to cover their tracks.

Just because you can do something, does not mean that you should. I think writing a script to restart your DNS server when it coredumps is a VERY BAD THING. If each named crash is an attempt on your machine, and you've got a script to *automatically restart it*, an attacker can launch a sustained assault against your machine. You are giving them many more chances to be successful.

Get to the root of the problem whatever it is.

-- 
Christopher Farley
www.northernbrewer.com
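
The alternative to an auto-restart script that the message argues for, as an added example that is not part of the original e-mail: a check that records each named crash and flags the host for investigation instead of bringing the daemon back up. The log line format, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage named crashes instead of restarting the daemon.
# Assumption: crashes show up in the system log in the kernel's
#   "pid N (named), uid N: exited on signal N (core dumped)" form.

# Constructed sample log lines (not taken from a real host).
sample_log() {
cat <<'EOF'
Mar 12 03:14:07 ns1 /kernel: pid 211 (named), uid 0: exited on signal 11 (core dumped)
Mar 12 03:20:09 ns1 named[4410]: starting
Mar 13 22:40:51 ns1 /kernel: pid 4410 (named), uid 0: exited on signal 11 (core dumped)
Mar 14 01:02:33 ns1 /kernel: pid 902 (sendmail), uid 0: exited on signal 6
Mar 15 09:30:00 ns1 /kernel: pid 5120 (named), uid 0: exited on signal 6 (core dumped)
EOF
}

# Read log lines on stdin; print "month day time pid signal" per named crash.
named_crashes() {
    awk '/\(named\), uid [0-9]+: exited on signal [0-9]+/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "pid")    pid = $(i + 1)
            if ($i == "signal") sig = $(i + 1)
        }
        print $1, $2, $3, pid, sig
    }'
}

# Read log lines on stdin; print "ok" or "investigate:<count>".
# Deliberately never restarts named: every crash is treated as a possible
# attempt on the machine, so the daemon stays down until someone has
# looked at the core file and the patch level.
triage() {
    count=$(named_crashes | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "investigate:$count"
    else
        echo "ok"
    fi
}

sample_log | named_crashes
sample_log | triage
```

Run from cron against the real log, the `investigate` result is the point to page an administrator and preserve the core file, not to start the daemon again.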