Date: Thu, 22 Feb 2001 15:22:55 -0600 (CST) From: Marc Rassbach <marc@milestonerdl.com> To: Michael Richards <michael@fastmail.ca> Cc: Cy.Schubert@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG Subject: Re: Bind problems Message-ID: <Pine.BSF.4.21.0102221521280.11103-100000@tandem.milestonerdl.com> In-Reply-To: <3A9578A6.000055.93744@frodo.searchcanada.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Or, you may have been running -u bind -g bind and that works to keep the lid on things. (Unless the security team knows that -u -g on bind 8 doesn't help.) On Thu, 22 Feb 2001, Michael Richards wrote: > Hi. > > Within minutes of discovering that the version of bind was > compromised, it was shut down and an onsite person booted the system > from a disk and ran tripwire. Nothing odd. I've been monitoring via > the firewall and paying close attention to that machine and there is > nothing out of the ordinary going on with it. I have a feeling that > people were trying a linux specific exploit and that was merely > causing bind to crash. > > -Michael > > > I wouldn't be surprised if your system has already been hacked. > > 8.2.3-REL has fixed all known (to ISC) security holes. All > > previous versions of BIND are vulnerable. If I (taking my > > manager's hat off and putting my security officer's hat on) were > > you I'd do the prudent thing, which is to verify the system was > > not already hacked or otherwise consider the system suspect until > > I can prove it otherwise. > > _________________________________________________________________ > http://fastmail.ca/ - Fast Free Web Email for Canadians To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102221521280.11103-100000>