Re: Probes from Microsoft

[Tim Yocum <tim () YOCUM ORG>]

In previous mail, Ryan Russell said:
> >   VERSION.BIND    text = "8.2.2-P5"
>
> Now, I probably wouldn't have posted that...  Anyone know if F5 just has
> some sort of regular unix running underneath?

Yes. It's a modified FreeBSD kernel. 3DNS boxes are generally
P3s with half a gig of RAM and either a few Intel FE NICs or
Packet Engines gige NICs.

> The only thing to investigate is the BIND version on that box.

I've been trying to get a response from F5 about this for a
while. They insist that their version of bind (it's somewhat
altered from original source, hence not easily upgraded without
vendor support) is not vulnerable to certain exploits. Whether
or not this is the case has yet to be determined. I haven't seen
any strange activity on the 3DNS controllers I run, but it doesn't
make me feel too secure running old bits, either.

- Tim
--
tim () yocum org / http://www.yocum.org / Chicago, IL, USA
Q: How many surrealists does it take to screw in a lightbulb?
A: Two. One to hold the giraffe and the other to fill the bathtub
   with brightly colored machine tools.