BIND unappproved updates

asenec at senechalle.net asenec at senechalle.net
Wed Feb 14 04:28:57 UTC 2001 

You're like me--administer your own server last, and that's what
I planned to do, until two of our nameservers were exploited through
8.2.2-P7 yesterday.  My Solaris had a drive failure last fall, 
and when I reinstalled, my compile environment was broken, 
so when I quit last night, I still had not been able
to get 8.2.3 upgraded.  I just knew I'd get back on to my server
and find an empty drive.  Fortunately, that didn't happen, and 
after a couple hours of work, I was successfully upgraded to
8.2.3 on my own machine.  Once you've seen how easily the
script kiddies get root access through named, you won't rest
until you have upgraded to 8.2.3.

Annette

> From bind-users-bounce at isc.org Tue Feb 13 21:25 CST 2001
> Date: Tue, 13 Feb 2001 17:11:40 -0500 (EST)
> From: Thomas Kellar <tkellar at fsp.fsp.com>
> To: Mark.Andrews at nominum.com
> cc: bind-users at isc.org
> Subject: Re: BIND unappproved updates 
> MIME-Version: 1.0
> X-DCC-MAPS-Metrics: isrv3.isc.org 668; IP=0+ok env_From=0+ok From=0+3105
> 	Subject=0+1427 Message-ID=0+1426 Received=0+1426 Body=0+1426
> 	Fuz1=0+1426
> Content-Transfer-Encoding: 8bit
> List-unsubscribe: <mailto:bind-users-request at isc.org?Subject=unsubscribe>
> X-List-ID: <bind-users.isc.org>
> 
> 
> 
> Thanks for the response.  I am running 8.2.2P5 and I know I need
> to update (to 8.2.3) but I do the systems I get paid for before my own
> system. 
> 
> The _source_ of the updates is another network that has an unresponsive
> abuse email address.  I finally got their attention by sending email to
> their corporate personnel. (Though they have not stopped as of 17:06 EDT)  
> I'd really like to know how someone misconfigures and gets my unique
> domain name into their W2K computer and starts sending me updates.  It
> scares me that these built-in-DOS enabled computers are plugging into the
> Internet and Microsoft cares not but for the money it gets.
> 
> Thomas
> -- 
> w8twk   Freelance Systems Programming   http://www.fsp.com
> 
> On Wed, 14 Feb 2001 Mark.Andrews at nominum.com wrote:
> > Q: I have "unapproved update" messages.  How do I stop these.
> > A: This indicates that you have a old version of named with known
> > security flaws, see http://www.isc.org/products/BIND/bind-security.html.
> > If you know that this is not a problem, i.e. your vendor has shipped you
> > a patched version, them apply the "denied update" solution below.
> > Q: I have "denied update" messages.  How do I stop these.
> > A: These are better stopped at the source.  The following link has
> > instructions on how to disable dynamic updates on Windows 2000 and
> > MacOS 9.  http://www.domainregistry.ie/tech/dynamic-dns.html
> 
> 
>

More information about the bind-users mailing list