 
Subject: Re: Cracked by the Brazilians
From: Ralf Spenneberg (spennebUNI-MUENSTER.DE)
Date: Fri Mar 31 2000 - 00:00:17 CST


Hi!

Are you sure that your bind is just listening to the private ethernet card?
The ADMROCKS Attack is quite famous. There were at least three
vulnerabilities in bind 8.2 last year. They might not have made it to the 6.0
updates directory, because 6.1 was the active distribution. And yes, that
one had several bind updates.

Cheers,

Ralf

> From: Seth Milder <mrsethPHYSICS.GMU.EDU>
> Reply-To: Seth Milder <mrsethPHYSICS.GMU.EDU>
> Date: Thu, 30 Mar 2000 13:22:56 -0500
> To: INCIDENTSSECURITYFOCUS.COM
> Subject: Cracked by the Brazilians
>
> Hi.
>
> I am running a Linux server that is running RH 6.0. I have implemented
> TCP wrappers, portsentry, logcheck and religiously applied any patches
> as soon as possible. Still, I get cracked. My server runs Bind-8.2
> (caching nameserver only, which is bound to an ethernet card with
> private addresses), PostgreSQL, NFS, ssh2 (no root login allowed),
> ipop3d, and NIS. It also serves as an IP MASQ server for a computer lab
> through a second ethernet card. I found the usual BitchX stuff along
> with the package bscan.tar which contains:
>

>
> I guess this may have something to do with this:
> [rootphysics ADMROCKS]# pwd
> /var/named/ADMROCKS
>
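
An added example, not part of either post: one way to answer the question of whether named is really listening only on the private card is to parse the listener table and flag any port 53 socket bound to the wildcard address or to an address outside loopback and RFC 1918 space. The netstat-style sample, its addresses and the function name are constructed for illustration, and only IPv4 `tcp`/`udp` rows are considered.

```python
import ipaddress

# Constructed sample in the style of `netstat -ln --inet` output (not from the post).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 192.168.1.1:53          0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 203.0.113.10:53         0.0.0.0:*
"""

# Explicit ranges: ipaddress.is_private also covers documentation and
# 0.0.0.0/8 space, which would hide exactly the cases we want to see.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def exposed_dns_listeners(netstat_text, port=53):
    """Return (proto, address) for listeners on `port` that are bound to
    the wildcard address or to a non-loopback, non-RFC 1918 address."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                      # header, blank or IPv6 row
        if fields[0] == "tcp" and fields[-1] != "LISTEN":
            continue                      # only listening TCP sockets
        host, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        addr = ipaddress.ip_address(host)
        # 0.0.0.0 means "every interface", including the public one.
        if addr.is_unspecified or not any(addr in net for net in INTERNAL):
            exposed.append((fields[0], host))
    return exposed

if __name__ == "__main__":
    for proto, host in exposed_dns_listeners(SAMPLE):
        print(f"{proto} port 53 reachable beyond the private network via {host}")
```

On a host doing IP masquerading, a wildcard bind is the case to look for, since it puts the resolver on the outward-facing interface as well.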