"Dave Clendenan": [BIND-BUGS #931] attack on my nameserver

Mr. James W. Laferriere babydr at baby-dragons.com
Sat Jun 3 16:47:30 UTC 2000


	Hello Paul, I've found no evidence of this type of intrusion
	on my name-servers .  Dave, Could this be a remnant of an 
	intrusion from when the system was running an earlier version ?
		Hth, JimL

On Sat, 3 Jun 2000, Paul A Vixie wrote:
> anybody else seen this?
> ------- Forwarded Message
 ...header snipped...
> Hi
> 
> last weekend my server was attacked, and the means 
> of entry seemed to be bind 8.2.2-P5
> yup, the latest bind.
> 
> the telltale 'ADMROCKS' directory was left in 
> /var/named.
> 
> It seems from my research that the problem was mostly that I'd
> run with the default (allow recursion and fetch-glue requests, 
> run as root) settings.
> 
> Everything I've read since says don't do any of these things.
> 
> Have I been reading the wrong info, or are the defaults kinda
> lame?
> 
> Please respond, I'm most curious about this...
> 
> thanks,
> 
> Dave
       +----------------------------------------------------------------+
       | James   W.   Laferriere | System  Techniques | Give me VMS     |
       | Network        Engineer | 25416      22nd So |  Give me Linux  |
       | babydr at baby-dragons.com | DesMoines WA 98198 |   only  on  AXP |
       +----------------------------------------------------------------+




More information about the bind-workers mailing list