CA-2002-15 fingerprint?

Mark_Andrews at Mark_Andrews at
Wed Jun 5 23:40:51 UTC 2002

> Hi,
> today's CERT advisory about BIND 9 was missing one rather critical
> piece of information:  How can I detect if a server was brought
> down by the attack described in CA-2002-15?  In other words, are
> there 'typical' log messages?

	There is enough information in the advisary to determine if
	a REQUIRE failure is due to this provided you have the source

> I've already checked the ISC web site but found nothing.  Some
> pointers would be appreciated.  I had some strange crashes of pure
> resolvers (BIND 9.2.0rc2 mostly) during the last two weeks and I
> want to know if they are related.
> /s/Udo
> -- 
> Enjoy the beauty and power of root
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at

More information about the bind-users mailing list