Blade Runner wrote:

> Hi list, I am facing a serious problem here. My client works as an ISP and
> somebody is injecting parameters in their DNS tables/files.

This isn't very fun.

>
> DNS Server: bind 9.2.2 # I am focusing my attention here, looking for
> bugs.

bind 9.2.2 is really pretty tight. Have you paid careful attention to the "allow-update" and "allow-transfer" parameters? Also, some folks integrate Windows Active Directory with bind 9. I don't know anything about that, but it sounds really scary.

>
> Here it goes a scanner showing my open ports.
>
> Port State Service
> 21/tcp open ftp
> 23/tcp open telnet

You are running telnet. Lose it unless there is a REAL good reason for running it.

>
> 25/tcp open smtp
> 53/tcp open domain
> 80/tcp open http
> 110/tcp open pop-3
> 113/tcp open auth
> 143/tcp open imap2
>
>
>
> In this server we do not allow telnet/rsh or any shell connection.

Yes you do.

> Thanks a lot and sorry about my poor English

Your English is just fine. Don't worry about it.
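Added example, not part of the original message or of BIND: a small Python audit of the "allow-update" and "allow-transfer" settings the reply points to, run over a constructed named.conf. It assumes the BIND defaults of that era (transfers allowed to all hosts when allow-transfer is unset, updates denied when allow-update is unset); the sample zones and function names are hypothetical.

```python
import re

# Constructed sample named.conf for illustration; not from the original message.
SAMPLE_CONF = '''
options { directory "/var/named"; };   // no global allow-transfer
zone "example.com" { type master; allow-update { any; }; };
zone "example.net" {
    type master;
    allow-transfer { 192.0.2.53; };
    allow-update { key "ddns-key"; };
};
'''

def strip_comments(text):  # naive: ignores comment markers inside quoted strings
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text):  # yield (header, body) for each top-level 'header { body };'
    depth, head_start = 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, start = text[head_start:i].strip(' ;\n\t'), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
                head_start = i + 1

def acl(body, option):  # address match list for option, or None if not set
    m = re.search(r'\b' + re.escape(option) + r'\s*\{([^{}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    found = dict(blocks(strip_comments(conf)))
    global_xfer = acl(found.get('options', ''), 'allow-transfer')
    zones = {h.split('"')[1]: b for h, b in found.items() if h.startswith('zone')}
    findings = []
    for zone, body in zones.items():
        update, xfer = acl(body, 'allow-update'), acl(body, 'allow-transfer')
        xfer = global_xfer if xfer is None else xfer  # zone setting overrides options
        if update and 'any' in update:
            findings.append((zone, 'allow-update permits any host'))
        if xfer is None:
            findings.append((zone, 'allow-transfer unset (assumed default: all hosts)'))
        elif 'any' in xfer:
            findings.append((zone, 'allow-transfer permits any host'))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports both problems for example.com and nothing for example.net, whose transfers and updates are restricted to a named host and a key.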
This archive was generated by hypermail 2b30 : Tue May 06 2003 - 10:32:59 PDT