Is this a compromise?

Sumit Mehrotra sumit at cs.bu.edu
Tue Feb 20 05:04:16 UTC 2001


Thanks guys for the "grouchy" e-mails!

What I was more interested in was the kind of exploit that could/was done to my machine, as indicated by the logs I had indicated. Any pointers to the problem in detail and possible benefits a hacker could gain out of it (again in detail) would be very helpful. Especially, now that I would (possibly) have to weed out the unwanted things, if any.

Thanks a lot again! (Hope for Tuesday e-mails this time round Nate :)

- Sumit

On Mon, 19 Feb 2001, Nate Duehr wrote:

> On Mon, Feb 19, 2001 at 07:49:12PM -0500, Sumit Mehrotra wrote:
> > I am running BIND 8.2.2-P7 on Red Hat 6.2. (Sorry to hurt the feelings of all
> > the people working for a `secure and safer BIND', I know I should upgrade to
> > 8.2.3 or 9.x!)
> 
> Agreed with the other responder.  The upgrade isn't exactly "optional"
> -- you'll either upgrade, or your machine *will* get broken into.  Good
> luck explaining that to your customers if you have any hosted on the
> machine.  And if the machine serves multiple roles (web server,
> whatever...) you're putting all of your data on it at risk by not
> upgrading.  Why?
> 
> And if/when your machine becomes a jumping off point to attack someone
> else's machine from, I hope you have heavy egress firewall rules. Otherwise
> (especially if you are on high-bandwidth links) you're setting
> yourself up for heavy financial liability -- especially now that you've
> shown disdain for proper maintenance of your server in a public forum.
> 
> Yep, it's Monday.  Everyone's grouchy. :-)
> 
> -- 
> Nate Duehr <nate at natetech.com>
> 
> GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
> Public Key available upon request, or at wwwkeys.pgp.net and others.
> 


