[NCLUG] Script Kiddies - BIND 8.2.2 exploit

Sean Reifschneider jafo at tummy.com
Mon Feb 19 16:30:17 MST 2001


On Mon, Feb 19, 2001 at 02:35:04PM -0700, John L. Bass wrote:
>For those that haven't closed the BIND/named 8.2.2 exploit yet, better get with
>it. The script kiddies hit 3 of the machines on the CWX network this last week.

Not surprising.  That one's really easy to scan for, and we found "in the wild"
scanners which were doing that over blocks of addresses.  Easy to find, easy
to exploit...  What more could a cracker ask for?

>Upgrading to 8.2.3 bits is one fix, blocking access with ipchains another, or
>for machines not externally serving zone/DNS entries, using the listen-on option

Or upgrading to djbdns...  If all you're looking for is a caching DNS server,
djbdns will do a fantastic job.  In fact, some of the intermittent problems
I was seeing with Netscape not resolving a domain name have stopped since I
moved to it on my laptop (from bind).

If you are doing more complex DNS, it's more of a pain to switch to...

Sean
-- 
 If we could sell our experiences for what they cost us, we'd all be
 millionaires.  -- Abigail Van Buren
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python


