are these BIND errors....

Brad Knowles brad.knowles at skynet.be
Thu Jun 28 23:51:45 UTC 2001


At 4:08 PM -0700 6/28/01, Gary Kline wrote:

>        When I first jumped into BIND and running my own nameserver, *etc*,
>        a friend suggested that the ``log_in_vain'' entry would let me
>        track all the would-be crackers.

	This option is good at letting you see probing activity, and 
other real connection attempts.  However, attackers now use much more 
intelligent methods to see what is on a machine, and they can usually 
only be detected by tools that work at a much lower level in the 
TCP/IP stack -- such as firewalls.

>                                          Before a few months ago I was
>        snug and secure behind my worksite's firewall...  then, security
>        wasn't an issue.  Security is very much an issue and I'm still
>        on the edge of a learning curve.

	Yup.  I'd encourage you to run firewall software of your own on 
each and every one of your publicly accessible servers, and have them 
all configured to allow only the specific traffic you know that the 
machine should be seeing, and refusing all the rest.

	I know that this is a lot of work, but you can't depend on 
everything being behind a single network firewall, and that network 
firewall protecting you from all attacks -- if someone manages to get 
into a machine behind the firewall, then they have complete 
unrestricted access to your entire network.

	However, with host-level firewalling on each public server, once 
they break through the front door, they find that all the doors in 
the hallways beyond are also themselves locked, and this poses a more 
difficult task for them to attempt.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'


More information about the bind-users mailing list