"Dave Clendenan": [BIND-BUGS #931] attack on my nameserver
Mr. James W. Laferriere
babydr at baby-dragons.com
Sat Jun 3 16:47:30 UTC 2000
Hello Paul, I've found no evidence of this type of intrusion
on my name-servers . Dave, Could this be a remnant of an
intrusion from when the system was running an earlier version ?
Hth, JimL
On Sat, 3 Jun 2000, Paul A Vixie wrote:
> anybody else seen this?
> ------- Forwarded Message
...header snipped...
> Hi
>
> last weekend my server was attacked, and the means
> of entry seemed to be bind 8.2.2-P5
> yup, the latest bind.
>
> the telltale 'ADMROCKS' directory was left in
> /var/named.
>
> It seems from my research that the problem was mostly that I'd
> run with the default (allow recursion and fetch-glue requests,
> run as root) settings.
>
> Everything I've read since says don't do any of these things.
>
> Have I been reading the wrong info, or are the defaults kinda
> lame?
>
> Please respond, I'm most curious about this...
>
> thanks,
>
> Dave
+----------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network Engineer | 25416 22nd So | Give me Linux |
| babydr at baby-dragons.com | DesMoines WA 98198 | only on AXP |
+----------------------------------------------------------------+
More information about the bind-workers
mailing list