nanog mailing list archives
Re: Not a good day now stuff from here is on BBC
From: Charles Sprickman <spork () inch com>
Date: Thu, 1 Feb 2001 01:40:25 -0500 (EST)
On Wed, 31 Jan 2001, Henry R. Linneweh wrote:
I understand that, the issue I had with this is in the presentation "Major net security holes identified", Should have read "Major net security holes fixed " this would have been fair to Paul and crew. is all I am saying.....
I think that with the remote-shell exploit just released on Bugtraq the next article will have to revert to "Major security hole found - chaos ensues". In an informal survey of about two dozen hosts (upstreams, friends, well-known corporations), myself and a coworker found that all of them were running vulnerable versions. Of course it's possible some of these are running as user "bind", maybe chrooted, maybe firewalled, but I'd bet the majority aren't. Add up all the broadband users running some unix box as their gateway and running whatever version of bind came with their distro, and I think you'll find that there will be thousands more cracked boxes come tomorrow a.m. Pair all this with the current crop of DDoS tools and I think you'll find that this is one of the worst bugs to crop up in a long time. Charles
Simon Lockhart wrote:Major net security holes identified http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stmHeh, we're a news organisation. We report things as they happen ;-) Simon -- Simon Lockhart | Tel: +44 (0)1737 839676 Internet Engineering Manager | Fax: +44 (0)1737 839516 BBC Internet Services | Email: Simon.Lockhart () bbc co uk Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/-- Thank you; |--------------------------------| | Thinking is a learned process. | | ICANN member @large | | Gigabit over IP, ieee 802.17 | | working group | | Resilient Packet Transport | |--------------------------------| Henry R. Linneweh
Current thread:
- Re: Not a good day now stuff from here is on BBC Henry R. Linneweh (Feb 24)
- Re: Not a good day now stuff from here is on BBC Charles Sprickman (Feb 24)
- Reasons why BIND isn't being upgraded Jason Lewis (Feb 24)
- Re: Reasons why BIND isn't being upgraded Wayne Bouchard (Feb 24)
- Bind 8.2 Remote-shell Exploit is actually trojan to attack NAI John Fraizer (Feb 24)
- Reasons why BIND isn't being upgraded Jason Lewis (Feb 24)
- <Possible follow-ups>
- Re: Not a good day now stuff from here is on BBC BrandonButterworth (Feb 24)
- Re: Not a good day now stuff from here is on BBC Charles Sprickman (Feb 24)