Unsuspected "named" behaviour

From: Gustav (gustavat_private)
Date: Tue Aug 07 2001 - 10:18:13 PDT

Next message: Marc Maiffret: "RE: more Code Red analysis"

Previous message: Dave Laird: "Re: Code Red II - Dead Thread"
Next in thread: dewt: "Re: Unsuspected "named" behaviour"
Reply: dewt: "Re: Unsuspected "named" behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

While doing some searching after an imaginary bug on my name-server, I
stumbled across something strange.
I found "named" listening on an undocumented high udp-port. I haven't heard
of this before, so I wondered if one of you geniouses could help me out. My
paranoid side is screaming trojan, but I haven't found any documentation on
the subject. Could anyone point me in the right direction?

I'm running Bind 8.2.3 on a Linux box with kernel 2.2.16.

regards

Gustav


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Marc Maiffret: "RE: more Code Red analysis"
Previous message: Dave Laird: "Re: Code Red II - Dead Thread"
Next in thread: dewt: "Re: Unsuspected "named" behaviour"
Reply: dewt: "Re: Unsuspected "named" behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:02:38 PDT