Security Incidents mailing list archives
Re: DNS server crashed
From: Bryan Bradsby <Bryan.Bradsby () CAPNET STATE TX US>
Date: Wed, 7 Feb 2001 22:47:10 -0600
On Tue, 6 Feb 2001, Jason Lewis wrote:
Anyone aware of exploits for the recent BIND security holes? I had a name server crash today. Nothing in the logs that point to anything, it was just down.
http://www.isc.org/products/BIND/bind-security.html Especially the "zxfr bug"
It is the only box I can't upgrade BIND on. It has a funky OS install and I need to rebuild it from scratch. I am waiting for new boxes, so it is low priority.
Suggest you increase the priority. Try the suggested "zxfr bug" work-arounds if you can't install 8.2.3-REL. No version of bind v8.x earlier than 8.2.3-REL (including 8.2.3-beta.x) should be exposed to the internet today.
I suspect someone was attempting to hack it,
Probably. Note that if someone runs a stack overrun exploit "tuned" for linux and you don't have i386, or linux, one of the more likely results would be the symptom you report. The only way to find out if this was a DNS DOS, or attempted root exploit would be to stick an IDS on that net and catch the contents of the packets.
jas http://www.rivalpath.com
-bryan bradsby Texas State Government Net -- "I don't have to take this abuse from you -- I've got hundreds of people waiting to abuse me." -- Bill Murray, "Ghostbusters"
Current thread:
- Re: A question of intent / DHCP poison attack?, (continued)
- Re: A question of intent / DHCP poison attack? Ryan Russell (Feb 07)
- Re: A question of intent / DHCP poison attack? Valdis Kletnieks (Feb 07)
- Re: DNS server crashed Greg A. Woods (Feb 07)
- Re: DNS server crashed Jeremy Hanmer (Feb 06)
- Re: DNS server crashed Steve Stearns (Feb 06)
- Re: DNS server crashed Graphic Rezidew (Feb 06)
- Re: DNS server crashed Jason Lewis (Feb 07)
- Re: DNS server crashed karthik krishnamurthy (Feb 06)
- Re: DNS server crashed Andrei MURESAN (Feb 07)
- Re: DNS server crashed Max Gribov (Feb 07)
- Re: DNS server crashed Bryan Bradsby (Feb 10)
- Re: Crazy port 111 scans Tyrannis Von Nettesheim (Feb 06)
- Re: Crazy port 111 scans Reeves, Mike (Feb 06)
- Re: Crazy port 111 scans Reeves, Mike (Feb 07)
- Bad Referrals? Derek Kwan (Feb 07)
- Re: Bad Referrals? Chip McClure (Feb 07)
- Re: Bad Referrals? Derek Kwan [321844] (Feb 07)
- Re: Bad Referrals? Valdis Kletnieks (Feb 10)
- Bad Referrals? Derek Kwan (Feb 07)