DNS dying
Bryan Bradsby
Bryan.Bradsby at capnet.state.tx.us
Wed Oct 4 18:32:10 UTC 2000
On Wed, 4 Oct 2000, Guillermo Villasana Cardoza wrote:
> Well no upgrade was made in this last few days...I'm also thinking it is
> some sort of attack, but the logs doesn't show that either... No strange
> activity in cron, nor unusual telnets or ftps.
>
> I will turn up the debugging on the DNS.
> I am running a Linux Mandrake with Bind 8.2.1
I believe this is an attack. Perhaps an attempt to overrun the stack and
execute code, but since you are running a different OS than the one the
attack is written for, the byte alignment is off a byte or two.
We saw this way too often until we upgraded to the latest version of BIND
(4 years ago, when I took over some of these machines).
> Thanks again
-bryan bradsby
More information about the bind-users
mailing list