Root Name Servers won't respond to named.

milton at calnek.com
Tue Mar 27 22:35:19 UTC 2001


In message <p0510081bb6e6bb56c515@[194.78.241.123]>, Brad Knowles writes:
> At 10:52 AM -0700 3/27/01, milton at calnek.com wrote:
> 
> >  I'm reluctant to upgrade beyond what comes from redhat.  I don't
> >  believe that's what the problem is.  I was previously at 8.2.2 and
> >  all of a sudden it stopped working.
> 
> 	Problem is, BIND 8.2.2 has a root compromise that means anyone in 
> the world can own your machine in nanoseconds.  There's even a Linux 
> "worm" going around that will automatically compromise any vulnerable 
> machine it encounters.  See 
> <http://www.securityfocus.com/templates/headline.html?id=10851> and 
> <http://www.securityfocus.com/bid/2302>.  Note that the latter is 
> dated January 29, 2001.
> 
> 	Obviously, you're one of the sites that would be compromised by 
> the Linux Lion Worm (and probably already has been), since you didn't 
> apply the update to your machines when the problem was first 
> published in January.

No, I don't believe so... I'm familiar with the worm as it has affected
other machines I know about and I have cleaned up after it.  I did one
cleanup by giving instructions over the phone, as I would not log in because
the host did not have ssh.  I don't believe that I'm subject to
this problem as my named is behind a masqueraded firewall.  There is no direct
access from the internet to my named.

> 
> 
> 	I still suggest getting at least 8.2.3-REL and installing it on 
> your machines, if not trying the latest release candidate for 9.1.1 
> (currently at 9.1.1rc7).  Ideally, you'd also download the source 
> code and compile it for yourself, because you can't be sure that the 
> binary RPMs you download have not themselves been trojaned.
> -- 
> Brad Knowles, <brad.knowles at skynet.be>
> 
> /*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
> /*       Represented as 1045 digit prime number by Phil Carmody         */
> /*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
> /*                                                                      */
> /*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
> /*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */
> 
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

--
Milton Calnek
milton at calnek.com
TTI: +1 403 870 8479 milton at tti-telecom.com

www.tti-telecom.com

GCS d- s:+ a- C++$ ULH+++$ P+++ L+++ E--- W-- N o? K w O? M+
V- PS++ PE Y+ PGP->+ t+ !5 X+ R tv b+ DI++ !D G>++++ e++ 
h--- r+++ y+++


More information about the bind-users mailing list