Security Incidents mailing list archives
Re: massive bind8 exploitation - t0rnkit8
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Mon, 12 Feb 2001 12:23:43 -0700
On Mon, 12 Feb 2001, Roberto wrote:
Hola again ! It has become to my attention that there is massive bind8.2(p3/p5/p7) exploitation taking place, and tornkit8 being used. There are already worms for this on many underground irc channels floating around for users to use..
ANy information on what OSes are targeted? I've seen a large jump in scans for TCP 53, and UDP 111, and the occasional TCP 21. In each case, when the machine was still at the same IP when I went to check later, it was Red Hat 6.0, 6.2 or 7.0. None of them were listening on 27374, which I would expect if it were Ramen. Ryan
Current thread:
- massive bind8 exploitation - t0rnkit8 Roberto (Feb 12)
- Re: massive bind8 exploitation - t0rnkit8 Ryan Russell (Feb 13)
- <Possible follow-ups>
- Re: massive bind8 exploitation - t0rnkit8 Matteo,Marc A. (Feb 12)