Thanks to everyone who helped me out with this. I've updated one of the name servers to BIND 8.3.4, so we'll see if this is resilient to this problem. I'm staying away from moving over to BIND 9 if possible. Now I just have to wait and see if the attack will repeat this afternoon. If this is still a vulnerable system then it looks like we're making a rapid move over to tinydns. Looking at the vulnerability matrix at the bottom of the ISC/BIND security page it could have been the libbind resolver bug, the DOS bug (strongest candidate in my book) or the sigrec (not mentioned on the page?). However, they all state that there is no known exploit for these vulns, so I think this may need updating. Gaby -- GABY VANHEGAN, Web Developer gaby.vanheganat_private an agency called england marshall mill. marshall street. leeds LS11 9YJ t.0113 234 5600 f.0113 234 5601 http://www.englandagency.com/ This e-mail contains information that is confidential and may be Legally privileged. If this e-mail has been addressed to you in error and you are not the person intended or authorised to receive it or a copy of it, please notify the sender as soon as possible. ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri May 16 2003 - 11:52:18 PDT