Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft version.binding us now?

From: fernando () BN PT (Fernando Cardoso)
Date: Tue, 30 May 2000 09:40:51 +0100

Bind version queries and/or DNS zone transfers (6 tries this night from
a server in Austria) are quite popular in these "bind NXT bug" days.
Often they are exploratory manoeuvres from script kiddies trying to
crack your DNS server.

Make sure your nameservers are running bind 8.2.2-P5. Also, defining
acls for zone transfers might be a good idea.

Fernando

_________________________________________________________________
Fernando Cardoso                        Phone:  +351 21 7982186
Network Administrator           Fax:            +351 21 7982185
National Library                        E-mail: fernando () bn pt
Portugal                                PGP ID: 28551CB8


-----Original Message-----
From: Erich Meier [mailto:Erich.Meier () INFORMATIK UNI-ERLANGEN DE]
Sent: segunda-feira, 29 de Maio de 2000 14:02
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Microsoft version.binding us now?


On Fri, May 26, 2000 at 07:11:36PM -0500, Bill Marquette wrote:

I've seen the following scan on some servers I admin for

the last few days

from not only 207.46.106.84 but also a couple other systems

in that /24

address space.  So far I've seen the version.bind hits

about 50 times.  The

Exactly the same here. Always polling one of my nameservers
from 208.184.4.142
or 207.46.106.76 addresses.

No idea what they're trying to achieve.

Erich
--
Erich Meier
Erich.Meier () informatik uni-erlangen de

http://www4.informatik.uni-erlangen.de/~meier/
Previous By Date Next
Previous By Thread Next

Current thread: