>How they use AXFR transfers to get access I don't know? But the transfers
>started a few days before the hackers gained access.
Many ways. The most likely would be one of the following:

ISC host Remote Buffer Overflow Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=1887

Multiple Vendor BIND (NXT Overflow & Denial of Service) Vulnerabilities -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=788

ISC BIND Internal Memory Disclosure Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=2321

Multiple Vendor BIND iquery buffer overflow Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=134

Ways to discourage/prevent this behaviour are:

- Use of ACLs to restrict queries/transfers (if the GUI doesn't cause problems ;) )
- Hide the version of bind in use by
  version "Whatever you like here";
  in the options section of named.conf
- Latest versions etc..

Enjoy,
--Gareth

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
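
The ACL and version-hiding measures listed in the reply above, written out as a named.conf fragment. This is an added example, not configuration from the original post; the ACL names, the zone name, the zone file name and all addresses are constructed placeholders (documentation address ranges) to be replaced with your own.

```conf
// Added example. All addresses, ACL names and the zone are placeholders.

acl "secondaries" {
    192.0.2.53;            // assumed: the only host allowed to pull zones
};

acl "internal" {
    127.0.0.1;
    198.51.100.0/24;       // assumed: your own client network
};

options {
    // Answer version.bind queries with an arbitrary string instead of
    // the real BIND version, as suggested in the reply.
    version "Whatever you like here";

    // Default: zone transfers (AXFR) only to the listed secondaries.
    allow-transfer { "secondaries"; };

    // Default: ordinary queries only from known clients.
    allow-query { "internal"; };
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // A publicly served zone must answer queries from anyone,
    // but its full contents still go only to the secondaries.
    allow-query { any; };
    allow-transfer { "secondaries"; };
};
```

Hiding the version string only removes a fingerprinting aid; it does not change whether the running BIND is affected by the advisories linked above, which is what the "latest versions" item addresses.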
