Security Incidents mailing list archives

Re: massive bind8 exploitation - t0rnkit8


From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Mon, 12 Feb 2001 12:23:43 -0700

On Mon, 12 Feb 2001, Roberto wrote:

> Hola again!
> It has come to my attention that there is massive
> bind8.2(p3/p5/p7) exploitation taking place, and
> tornkit8 being used. There are already worms for this
> on many underground irc channels floating around for
> users to use.

Any information on what OSes are targeted?  I've seen a large jump in
scans for TCP 53, and UDP 111, and the occasional TCP 21.  In each case,
when the machine was still at the same IP when I went to check later, it
was Red Hat 6.0, 6.2 or 7.0.  None of them were listening on 27374, which
I would expect if it were Ramen.

                                        Ryan

