Security Incidents mailing list archives

Re: Cracked by the Brazilians


From: spenneb () UNI-MUENSTER DE (Ralf Spenneberg)
Date: Fri, 31 Mar 2000 08:00:17 +0200


Hi!

Are you sure that your bind is just listening to the private ethernet card?
The ADMROCKS Attack is quite famous. There were at least three
vulnerabilities in bind 8.2 last year. They might not have made it to the 6.0
updates directory, because 6.1 was the active distribution. And yes, that
one had several bind updates.

Cheers,

Ralf

From: Seth Milder <mrseth () PHYSICS GMU EDU>
Reply-To: Seth Milder <mrseth () PHYSICS GMU EDU>
Date: Thu, 30 Mar 2000 13:22:56 -0500
To: INCIDENTS () SECURITYFOCUS COM
Subject: Cracked by the Brazilians

Hi.

I am running a Linux server that is running RH 6.0. I have implemented
TCP wrappers, portsentry, logcheck and religiously applied any patches
as soon as possible. Still, I get cracked. My server runs Bind-8.2
(caching nameserver only, which is bound to an ethernet card with
private addresses), PostgreSQL, NFS, ssh2 (no root login allowed),
ipop3d, and NIS. It also serves as an IP MASQ server for a computer lab
through a second ethernet card. I found the usual BitchX stuff along
with the package bscan.tar which contains:



I guess this may have something to do with this:
[root@physics ADMROCKS]# pwd
/var/named/ADMROCKS


