Security Incidents mailing list archives
Re: Microsoft version.binding us now?
From: Erich.Meier () INFORMATIK UNI-ERLANGEN DE (Erich Meier)
Date: Tue, 30 May 2000 11:52:08 +0200
On Tue, May 30, 2000 at 09:40:51AM +0100, Fernando Cardoso wrote:
Bind version queries and/or DNS zone transfers (6 tries this night from a server in Austria) are quite popular in these "bind NXT bug" days. Often they are exploratory manoeuvres from script kiddies trying to crack your DNS server. Make sure your nameservers are running bind 8.2.2-P5. Also, defining acls for zone transfers might be a good idea.
Yes, thats clear. But a bind version scan is a one time shot, not a continuous thing. And these MS hosts are trying to retrieve the versions periodically. Or are the source addresses spoofed? Again, makes no big sense when done periodically. Erich
Current thread:
- Re: Microsoft version.binding us now? Erich Meier (May 30)