BIND 8.2.2 crashed
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Tue Mar 13 01:15:55 UTC 2001
>
> I am running BIND 8.2.2 on an OpenBSD machine. I know I should upgrade to
> 8.2.3, but it runs chrooted as a lowly user.
>
> It died on Friday with the following being the last entry in
> /var/log/daemon:
>
> Mar 9 20:00:15 claudette named[4773]: bad referral
> (174.147.192.in-addr.arpa !< 173.174.147.192.in-addr.
> arpa)
>
> Any ideas on this? Normally it is very stable, so I am wondering if I have
> been the victim of a DOS attack. If so, what sort of things should I be
> looking for.
I get amazed at people sometimes. You know that you have
a vulnerable version of named, don't take the 5 minutes it
takes to upgrade, then waste thousands of peoples time
asking about what to look for when someone finds your
server. It just doesn't add up.
Unless they managed to get out of the jail you should be
ok however I would upgrade, reboot to ensure that the
compromised process is no longer running, and check the
contents of the jail to ensure it integrity.
Mark
>
> Craig Findlay
> Senior Development Engineer
> The ILID Partnership
> 4 Gipps Street, Collingwood
> Victoria, 3066, Australia
> Phone: +61 3 9418 4052
> Fax: +61 3 9417 4082
> Email: craig at ilid.com.au
>
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list