Security Incidents mailing list archives
Re: BIND 8.2.2.-P3, 0-day exploit
From: patrick () PINE NL (Patrick Oonk)
Date: Thu, 27 Apr 2000 21:57:51 +0200
On Thu, Apr 27, 2000 at 08:59:07AM -0700, Ryan Russell wrote:
Anyone have one of these scanners that's being used in the wild? Do just they do banner scanning, as suggested below, or do they just try the exploit regardless? Judging by how many folks here are repoting successful owning by the ADMrocks exploit, I would assume that it works particularly well, even for the most clueless kiddies.
For the most lame of them, there's even a how-to at http://www.hack.co.za/daem0n/named/NXT-Howto.txt -- Patrick Oonk - PO1-6BONE - patrick () pine nl - www.pine.nl/~patrick Pine Internet - PAT31337-RIPE - PGP keyID BE7497F1 - XOIP 0208723350 Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://security.nl PGP fingerprint A6 12 66 7F 22 84 1B E5 73 8C 99 F7 17 7B A3 98 Excuse of the day: Communist revolutionaries taking over the server room and demanding all the computers in the building or they shoot the sysadmin. Poor misguided fools.
Current thread:
- Re: Rooted through in.identd on Red Hat 6.0, (continued)
- Re: Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 21)
- Re: Rooted through in.identd on Red Hat 6.0 jms (Apr 21)
- !!!Linux ELF infector!!! dEStr0YEr (Apr 21)
- Re: !!!Linux ELF infector!!! John Flux (Apr 24)
- BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 22)
- Re: BIND 8.2.2.-P3, 0-day exploit Jon Lewis (Apr 24)
- Re: BIND 8.2.2.-P3, 0-day exploit kj (Apr 24)
- Odd snmp scans from 10.0.0.0/8 address ??? Russell Fulton (Apr 25)
- Re: BIND 8.2.2.-P3, 0-day exploit Stone (Apr 26)
- Re: BIND 8.2.2.-P3, 0-day exploit Ryan Russell (Apr 27)
- Re: BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 27)
- regulary 137 and 524 port scan Cho Yongsang (Apr 27)
- huge scans from www.oix.com jose (Apr 28)
- I am popular today... Dirk Koopman (Apr 28)
- Re: I am popular today... Ryan Sweat (Apr 28)
- Analysis: AboveNet attacks Robert Graham (Apr 28)
- Re: I am popular today... Ville (Apr 29)
- Lots netbios scans (udp 137) Russell Fulton (Apr 30)
- High port UDP probe? Damian Gerow (Apr 25)
- Re: High port UDP probe? Mark Rowe (Apr 26)
- Lots of scan on port 9520 Erick Perez (Apr 25)