David R. Conrad
David_Conrad at isc.org
Wed Nov 3 23:04:56 UTC 1999
>This is what I sent to www.cert.org:
> System config:
> Red Hat 5.2 no fixes
> Bind 8.2.1 (added 10/02/99)
> One of the above people got root access to my system through port 53 Turned
> on my ftpd service created a tcpd config file to allow backdoor access to
> my system, and then whent about trying to clear logs to cover his and
> anyone else's tracks!.
How do you know they gained access to port 53?
More information about the bind-users