I've since noted on investigation that the client was/is running a version of BIND that is vulnerable to several exploits (8.3.3) - so this looks perhaps like someone is using old exploits in a fairly widespread manner (I think all of our reports are from England or West Europe so far ?). Hopefully it's not a worm, I'd guess if that were the case, we would have noticed it fairly heavily by now, as whatever it is has been going for at least 24 hours. -----Original Message----- From: Chris Phillips [mailto:chrisat_private] Sent: 16 May 2003 01:44 To: Mark Ng Cc: Gaby Vanhegan; incidentsat_private Subject: RE: BIND Crash The line in /tmp was from a php session. Nothing to do with BIND. On Thu, 15 May 2003, Mark Ng wrote: > I've seen this today too. One of my clients DNS servers has crashed twice > in the same day, both times with the same message (or very similar) > > May 14 21:19:19 bilbo2 named[9491]: ns_resp.c:3946: ENSURE(cp <= eom_out) > failed. > > I've not seen the file in /tmp on this machine however. I'm looking to see > if there have been any similar problems on any of their other machines. > > Will report if I see anything else. > > -----Original Message----- > From: Gaby Vanhegan [mailto:gaby.vanheganat_private] > Sent: 15 May 2003 09:05 > To: incidentsat_private > Subject: BIND Crash > ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu May 15 2003 - 22:15:49 PDT