Security Incidents mailing list archives

dns attacks


From: Mixter <mixter () 2XS CO IL>
Date: Mon, 25 Sep 2000 18:20:04 +0200

lately, I've heard some rumours, unconfirmed however,
about exploitation of an overflow in nameservers different
from the old one, in older bind8 versions. as I couldn't confirm
this in the source, maybe finding out if there are any
active exploitation attempts of this bug might help to determine
if it's a valid issue... if anyone running a secure/patched bind8
name server has recently experienced the following syslog message:

Sep 25 18:12:25 host named[390]: bad iquery from <ip.address>

..it'd be interesting to hear about it.


----------------------------------------------------------
 Mixter <mixter () 2xs co il>, 2xs LTD. http://www.2xs.co.il
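
Added example, not part of the original post: one way for a name server operator to check syslog for the message quoted above and group the hits by source address. The sample log lines are constructed, and the exact address form after "from" (bare, or bracketed with a trailing port) is an assumption.

```python
import re
from collections import defaultdict

# Matches the syslog message quoted in the post. Assumption: the source is an
# IPv4 address, either bare or written as "[a.b.c.d].port".
BAD_IQUERY = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"named\[(?P<pid>\d+)\]: bad iquery from "
    r"\[?(?P<src>\d{1,3}(?:\.\d{1,3}){3})\]?(?:\.(?P<port>\d+))?\s*$"
)

# Constructed sample input (documentation addresses, hypothetical host names).
SAMPLE_LOG = """\
Sep 25 18:12:25 ns1 named[390]: bad iquery from 192.0.2.7
Sep 25 18:12:26 ns1 named[390]: bad iquery from [192.0.2.7].1042
Sep 25 18:13:01 ns1 named[390]: some other named message
Sep 25 18:14:40 ns2 named[411]: bad iquery from 203.0.113.20
Sep 25 18:15:02 ns1 sshd[812]: bad iquery from 192.0.2.99
"""


def summarize_bad_iquery(lines):
    """Group 'bad iquery' events logged by named, keyed by source address."""
    seen = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "servers": set()}
    )
    for line in lines:
        m = BAD_IQUERY.match(line.rstrip("\n"))
        if not m:
            continue  # not a named 'bad iquery' line
        entry = seen[m["src"]]
        entry["count"] += 1
        # Classic syslog timestamps carry no year, so keep them as strings
        # in file order rather than parsing them into dates.
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        entry["servers"].add(m["host"])
    return dict(seen)


if __name__ == "__main__":
    report = summarize_bad_iquery(SAMPLE_LOG.splitlines())
    for src, e in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src:15}  hits={e['count']}  first={e['first']}  "
              f"last={e['last']}  servers={','.join(sorted(e['servers']))}")
```
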

