"Dave Clendenan": [BIND-BUGS #931] attack on my nameserver

jlewis at lewis.org
Sat Jun 3 17:05:55 UTC 2000


I've encountered one other person who reported such an intrusion with
8.2.2P5.  In his case, he'd upgraded via RPM, but admitted that he
probably forgot to restart bind...so he'd installed new code, but was
running the old.

On Sat, 3 Jun 2000, Mr. James W. Laferriere wrote:

> 
> 	Hello Paul, I've found no evidence of this type of intrusion
> 	on my name-servers.  Dave, could this be a remnant of an 
> 	intrusion from when the system was running an earlier version?
> 		Hth, JimL
> 
> On Sat, 3 Jun 2000, Paul A Vixie wrote:
> > anybody else seen this?
> > ------- Forwarded Message
>  ...header snipped...
> > Hi
> > 
> > last weekend my server was attacked, and the means 
> > of entry seemed to be bind 8.2.2-P5
> > yup, the latest bind.
> > 
> > the telltale 'ADMROCKS' directory was left in 
> > /var/named.
> > 
> > It seems from my research that the problem was mostly that I'd
> > run with the default (allow recursion and fetch-glue requests, 
> > run as root) settings.
> > 
> > Everything I've read since says don't do any of these things.
> > 
> > Have I been reading the wrong info, or are the defaults kinda
> > lame?
> > 
> > Please respond, I'm most curious about this...
> > 
> > thanks,
> > 
> > Dave
>        +----------------------------------------------------------------+
>        | James   W.   Laferriere | System  Techniques | Give me VMS     |
>        | Network        Engineer | 25416      22nd So |  Give me Linux  |
>        | babydr at baby-dragons.com | DesMoines WA 98198 |   only  on  AXP |
>        +----------------------------------------------------------------+
> 
> 
> 



----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
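
The failure mode described in this message (new package installed, old process never restarted) can be checked on Linux, where the /proc/PID/exe link gains a " (deleted)" suffix once the binary a process is executing has been replaced on disk. The script below is an added example, not part of the original message; the function names and the PROC_ROOT override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report daemon processes still executing a binary that has
# since been replaced on disk (e.g. package upgraded, daemon not restarted).
# Assumes Linux /proc semantics; reading another user's exe link needs root.
# PROC_ROOT is a hypothetical override so the check can be exercised on a
# constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# exe_state PID
# Prints "stale <path>", "current <path>" or "unknown" (link unreadable).
exe_state() {
    link=$(readlink "$PROC_ROOT/$1/exe" 2>/dev/null) || { echo "unknown"; return 0; }
    case "$link" in
        *" (deleted)") echo "stale ${link% (deleted)}" ;;
        *)             echo "current $link" ;;
    esac
}

# check_daemon NAME
# Walks every PID whose comm equals NAME, prints one line per process,
# and returns 1 if any of them is running replaced code.
check_daemon() {
    rc=0
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        [ "$(cat "$d/comm" 2>/dev/null)" = "$1" ] || continue
        pid=${d##*/}
        state=$(exe_state "$pid")
        echo "$1 pid $pid: $state"
        case "$state" in
            stale*) rc=1 ;;
        esac
    done
    return $rc
}

# When run directly with a daemon name (for example: named), check it.
if [ $# -gt 0 ]; then
    check_daemon "$1"
fi
```

A non-zero exit after an upgrade means the daemon needs a restart before the installed version says anything about what is actually serving queries.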



