bind hack
Mark_Andrews at isc.org
Tue Nov 13 02:30:44 UTC 2001
> many thanks for responding....
>
> is it normal to get these all that frequently?
Yes and no. I find it strange that people care enough to
get the reverse zones delegated in the first place then refuse
to maintain them.
If you have a web server and it is logging access by name (not IP)
then it will generate a lot of reverse lookups.
> we don't have anything else in the messages file.. just this. tons of
> it and all the time since we started bind 9.1 3 days ago... every second
>
> the reason we are on alert is because we had another machine running bind
> 8.2 compromised and hackers got in through the bind server...
> the hacker generates so much tcp traffic that virtually shuts down the whole
> network where our machine is colocated....
>
> so we are paranoid now about this new bind and machine and think that this
> new one is under attack too...
Just make sure that you only offer recursive service to the
clients that you expect to.
> i'm attaching a text file with a copy of a small section of our message
> file....
>
> how exactly is this affecting our clients?
Usually it just slows things down. But depending upon access
controls it can cause them to be denied access.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
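
Added example, not part of the original message: a small Python check for the advice above about offering recursive service only to expected clients. It audits named.conf text for the real BIND options `recursion` and `allow-recursion`; the two sample configurations, the ACL name and the address ranges are constructed, and the parsing is simplified (global options only, no views, one level of ACL lookup).

```python
import re

# Constructed sample configurations (not from the original thread).
OPEN_CONF = """
options {
    directory "/var/named";   // no allow-recursion clause at all
};
"""

RESTRICTED_CONF = """
acl "trusted" { 127.0.0.1; 192.0.2.0/24; };   # constructed client ranges
options {
    directory "/var/named";
    allow-recursion { "trusted"; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (ignores the quoted-string corner case)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def elements(body):
    """Split the inside of '{ a; "b"; }' into bare tokens."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def audit_recursion(conf):
    """Report whether recursive service is limited to named clients."""
    conf = strip_comments(conf)
    acls = {m.group(1): elements(m.group(2))
            for m in re.finditer(r'acl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)}
    if re.search(r"(?<![-\w])recursion\s+no\s*;", conf):
        return "ok: recursion disabled"
    m = re.search(r"allow-recursion\s*\{([^{}]*)\}", conf)
    if not m:
        # Assumption: a server of the vintage discussed in the thread, where
        # a missing clause meant recursive answers for any client.
        return "open: no allow-recursion clause"
    allowed = []
    for e in elements(m.group(1)):
        allowed.extend(acls.get(e, [e]))   # expand ACL names one level deep
    if "any" in allowed:
        return "open: allow-recursion includes any"
    return "ok: recursion limited to " + ", ".join(allowed)

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, "->", audit_recursion(conf))
```
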
More information about the bind-users
mailing list