Compromised BIND?

Supersonic wbpfsguy at
Tue May 31 18:38:13 UTC 2011

I have a BIND 9.8.0-P2 server instance running on a production server. My
firewall is showing repeated attempts by named.exe to connect to IP
addresses in foreign countries on ports 6666, 6667 and 6669 - common IRC
ports used by worms/trojans/zombies. Checking my named.exe file, it shows
that it is unchanged from the installation source. Is this connection
normal? Should I be allowing it?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list