Derek,
Does named on your machine provide DNS service to arbitrary machines
on the internet?
If not, I think it is a good idea to limit incoming UDP DNS (port 53)
packets to be allowed in/out only from/to the 3 or so known DNS servers
you intend to use.
Now, I can imagine that *you* are doing something more complicated. I
am really just mentioning to the list in general that if one is running
named for some reason (e.g. central DNS service point for machines on one's
LAN), it is a good idea to go through the extra effort to set up ipchains
to drop all udp/53 traffic except to a few known IP addresses. BIND has
quite a history of exploits.
(and yes, I realize if those servers' IP addresses change frequently, that
is a pain, but they normally don't change very often, at least on Mediaone)
Best,
Karl Runge
On Sat, 22 Apr 2000, Derek Martin <[EMAIL PROTECTED]> wrote:
>
> I believe I have identified how my system was compromised. CERT has
> released this advisory regarding BIND 8.2:
>
> http://www.cert.org/advisories/CA-99-14-bind.html
>
> If you are running BIND on an Internet accessible RH6.1 machine, go get
> the updates NOW!
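The ipchains rule set Karl describes, as an added example that is not part of the original post: it prints (rather than applies) rules that pass UDP/53 only to and from a short list of trusted resolvers and drop everything else on that port. The resolver addresses are constructed sample values, eth0 is assumed to be the Internet-facing interface, and the host is assumed to forward all queries to those resolvers rather than recurse on its own (a recursing named must reach arbitrary servers and would be broken by these rules).

```shell
#!/bin/sh
# Generate ipchains rules restricting UDP/53 to a fixed set of resolvers.
# ipchains is stateless, so both the outgoing query and the returning answer
# need an explicit ACCEPT; everything else on udp/53 is denied and logged (-l).
# Constructed sample addresses: replace with the resolvers your ISP assigns.
DNS_SERVERS="192.0.2.10 192.0.2.11 198.51.100.53"
EXT_IF="eth0"   # assumed Internet-facing interface

# Emit the rule set in order: specific ACCEPTs first, catch-all DENYs last.
dns_rules() {
    for s in $DNS_SERVERS; do
        # Our query to the resolver's port 53, and its answer back from port 53.
        echo "ipchains -A output -i $EXT_IF -p udp -s 0/0 -d $s 53 -j ACCEPT"
        echo "ipchains -A input  -i $EXT_IF -p udp -s $s 53 -d 0/0 -j ACCEPT"
    done
    # Unsolicited queries from the Internet to our named, and any stray
    # outbound udp/53 to an unknown server, are dropped silently and logged.
    echo "ipchains -A input  -i $EXT_IF -p udp -s 0/0 -d 0/0 53 -j DENY -l"
    echo "ipchains -A output -i $EXT_IF -p udp -s 0/0 -d 0/0 53 -j DENY -l"
}

# Counts used to sanity-check the generated set before applying it.
rule_count()   { dns_rules | grep -c '^ipchains'; }
accept_count() { dns_rules | grep -c ' -j ACCEPT$'; }

# Review the rules with "./dns-rules.sh", apply with "./dns-rules.sh apply".
if [ "$1" = "apply" ]; then
    dns_rules | sh
else
    dns_rules
fi
```

Because LAN clients on a second interface are not matched by `-i eth0`, they can still use this host as their resolver while the Internet side sees nothing but the three permitted servers.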
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************