Security Incidents mailing list archives

Re: DNS Injection Problem

From: Danny <danny () drexel edu>
Date: Mon, 05 May 2003 20:30:44 -0400


On Monday, May 5, 2003, at 01:11  PM, Blade Runner wrote:

OS: Slackware 8.1  kernel 2.4.20
DNS Server: bind 9.2.2 # I am focusing my attention here, looking forbugs.

Do you have bind interacting with a windows Active Directory Setupwhich allows clients to update / modify DNS in bind?

Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0

Squirrel Mail has had quite a number of security problems in the past,Have you kept on top of the patches and updates for it in the past?


Proftpd 1.2.8 # no root or anonymous connections

Here it goes a scanner showing my open ports.

Port       State       Service
21/tcp     open        ftp
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
110/tcp    open        pop-3
113/tcp    open        auth
143/tcp    open        imap2

Is this a *full* port scan using -p 1-65535 / -p- or simply nmapsdefault scan?



In this server we do not allow telnet/rsh or any shell connection.

Since I am a newbie, I would appreciate some advices and tips.

Er, you say that you do not allow any telnet access to this server butyou are running the telnet service, thats probably not a good idea, Ifyou meant you don't allow any clients remote access to the server i'dsuggest ditching telnet and using [Open]SSH... If *noone* has remoteaccess to this server than you should disable the telnet service.


Thanks a lot and sorry about my poor English


Danny
Network Security Engineer


----------------------------------------------------------------------------

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, theworld's premier event for IT and network security experts. The two-dayTraining features 6 hand-on courses on May 12-13 taught by professionals.The two-day Briefings on May 14-15 features 24 top speakers with no vendorsales pitches. Deadline for the best rates is April 25. Register today toensure your place. http://www.securityfocus.com/BlackHat-incidents----------------------------------------------------------------------------

Current thread:

DNS Injection Problem Blade Runner (May 05)
- Re: DNS Injection Problem Danny (May 05)
  - Re: DNS Injection Problem Glenn Forbes Fleming Larratt (May 06)
  - Re: DNS Injection Problem Blade Runner (May 06)
- Re: DNS Injection Problem David Conrad (May 05)
  - OT:Healthcare incidents? Paul Farley (May 06)
    - RE: Healthcare incidents? Paul Farley (May 06)
- Re: DNS Injection Problem Benjamin A. Okopnik (May 06)
- Re: DNS Injection Problem Chip Mefford (May 06)
- Re: DNS Injection Problem Þórhallur Hálfdánarson (May 06)
- Message not available
  - Re: DNS Injection Problem Blade Runner (May 06)
- Re: DNS Injection Problem Stephen P. Berry (May 07)