Security Incidents mailing list archives
DNS Injection Problem
From: "Blade Runner" <blade () seven com br>
Date: Mon, 5 May 2003 14:11:06 -0300 (BRT)
Hi list, I am facing a serious problem here. My client works as an ISP and somebody is injecting parameters in their DNS tables/files. Eventually dial-up costumers are accessing faked home pages ( usually banks ). These attacks were reported to the FPD ( Federal Police Dep ), but they didn't find anything yet. I am looking for a vulnerability in my server but it is a hard thing to do. Maybe you, security masters, can help me with this. This is the server configuration. OS: Slackware 8.1 kernel 2.4.20 DNS Server: bind 9.2.2 # I am focusing my attention here, looking for bugs. Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0 Courier-Imap 1.7.1 Qmail 1.03 Proftpd 1.2.8 # no root or anonymous connections Here it goes a scanner showing my open ports. Port State Service 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop-3 113/tcp open auth 143/tcp open imap2 In this server we do not allow telnet/rsh or any shell connection. Since I am a newbie, I would appreciate some advices and tips. Thanks a lot and sorry about my poor English -- Blade Runner - Squirrel Mail Linux Powered LICQ 40959703 ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
Current thread:
- DNS Injection Problem Blade Runner (May 05)
- Re: DNS Injection Problem Danny (May 05)
- Re: DNS Injection Problem Glenn Forbes Fleming Larratt (May 06)
- Re: DNS Injection Problem Blade Runner (May 06)
- Re: DNS Injection Problem David Conrad (May 05)
- OT:Healthcare incidents? Paul Farley (May 06)
- RE: Healthcare incidents? Paul Farley (May 06)
- OT:Healthcare incidents? Paul Farley (May 06)
- Re: DNS Injection Problem Benjamin A. Okopnik (May 06)
- Re: DNS Injection Problem Chip Mefford (May 06)
- Re: DNS Injection Problem Þórhallur Hálfdánarson (May 06)
- Message not available
- Re: DNS Injection Problem Blade Runner (May 06)
- Re: DNS Injection Problem Danny (May 05)