Bugtraq mailing list archives
Re: more named warez
From: angus () INTASYS COM (Gus)
Date: Sun, 14 Jun 1998 23:53:41 +0100
This was mostly for my own amusement, since I am always interested in /who/ is trying to 0wn my boxen, as well as preventing it. When an exploit attempt is recieved, you get: Jun 14 23:45:47 victim named[2670]: IQUERY recieved from [192.168.0.20].27447 The patch is for 4.9.6-REL, but it should work accross the board, you get the idea, anyways. named may be (is?) the new imapd, with all the bulk scanning that that implies. You all know the score. *** ns_req.c Tue Apr 7 05:59:46 1998 --- ns_req.c.new Thu Jun 4 13:54:07 1998 *************** *** 193,199 **** break; case IQUERY: ! action = req_iquery(hp, &cp, eom, &buflen, msg, from); break; #ifdef BIND_NOTIFY --- 193,201 ---- break; case IQUERY: ! hp->rcode = REFUSED; ! action = Finish; ! syslog(LOG_ALERT,"IQUERY recieved from %s",sin_ntoa(from)); break; #ifdef BIND_NOTIFY -- angus () intasys com
Current thread:
- Re: more named warez Joshua J. Drake (Jun 10)
- Re: more named warez Gus (Jun 14)