Security Incidents mailing list archives

Logging named version requests

From: "Osvaldo J. Filho" <osvaldojaneri () UOL COM BR>
Date: Wed, 7 Feb 2001 22:38:44 -0300

        With all these bind bug buzzing, I did a (very) small patch to
(sys)log que version request for the latest 8.x.x named (8.2.3-REL). It
can be found at http://brsec.xnext.com.br/named-patch.tgz.

        I think this is really important to keep a eye on intruders
looking for vulnerable servers on your network.

        A example of the output on my /var/log/messages looks like:

Feb  7 21:42:19 kbyte named[12434]: ALERT: Version requested from
10.0.0.1.  Answering 8.2.3-REL


Thank you for the time.
---
Osvaldo J. Filho                                osvaldojaneri () uol com br
Unix Security Specialist
The Omega Project (Secure Linux) Coordinator    http://omegaproject.cjb.net
BrSec Coordinator
---

Current thread:

Logging named version requests Osvaldo J. Filho (Feb 06)
- Re: Logging named version requests Nicolas GREGOIRE (Feb 07)
- <Possible follow-ups>
- Re: Logging named version requests Luke Dudney (Feb 06)