Security Incidents mailing list archives

Re: More DNS scans


From: John <johns () TAMPABAY RR COM>
Date: Tue, 20 Feb 2001 00:20:44 -0500

I have seen and heard about six different Bind exploits whether it be
private or public. I would guess there are tons of scripts going around
to scan for Bind right now as it is not a very hard thing to do. Also
people are probably blind exploiting servers in which they will scan
tons of subnets and not take the time to check the Bind version, but run
the exploit at all the servers one by one instead.

----- Original Message -----
From: John Pettitt <jpp () CLOUDVIEW COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Monday, February 19, 2001 12:34 AM
Subject: More DNS scans


: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
:
: Another bunch of DNS scans - is there a new script out to take advantage of
: the bind bugs?
:
: This one is another Linux box with the default redhat apache home page on
: its web server!
:
: Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
: TCP: 203.126.81.2:53 -> 216.103.77.155:53
: Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
: TCP: 203.126.81.2:53 -> 216.103.77.156:53
: Feb 18 07:08:25 gatekeeper snort[219]: IDS277 - NAMED Iquery Probe:
: 203.126.81.2:1905 -> 216.103.77.155:53
: Feb 18 07:08:26 gatekeeper snort[219]: MISC-DNS-version-query:
: 203.126.81.2:1905 -> 216.103.77.155:53
:
:
: John Pettitt <jpp () cloudview com>  AOL-IM: CanisRosa
:
: SigInt bait ;-)
:     A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap.
:     Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH
:
:
: -----BEGIN PGP SIGNATURE-----
: Version: PGP Personal Privacy 6.5.3
:
: iQA/AwUBOpCwUqdEVMR4hjZYEQLMxwCgzItOBI2QO+yOqH1qpsOYJ5u7qx4Ani/n
: pken+1ju12EehzwBAso0+RdM
: =ZM9/
: -----END PGP SIGNATURE-----
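
An added example, not part of either poster's message: one way to triage alerts like the ones quoted above is to undo the mail wrapping, parse each Snort syslog line, and group by source to see how many distinct signatures and hosts a single scanner touched. The function names and the `min_sigs` threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Alert lines from the quoted post above, keeping its ":" quote prefix and mail wrapping.
QUOTED = """\
: Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
: TCP: 203.126.81.2:53 -> 216.103.77.155:53
: Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53
: TCP: 203.126.81.2:53 -> 216.103.77.156:53
: Feb 18 07:08:25 gatekeeper snort[219]: IDS277 - NAMED Iquery Probe:
: 203.126.81.2:1905 -> 216.103.77.155:53
: Feb 18 07:08:26 gatekeeper snort[219]: MISC-DNS-version-query:
: 203.126.81.2:1905 -> 216.103.77.155:53
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
ALERT = re.compile(
    r"snort\[\d+\]:\s+(?P<sig>.+?):\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

def unwrap(text):
    """Strip the ':' quote prefix and rejoin alerts the mailer wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^:\s?", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # a new syslog record starts here
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def summarize(records):
    """Parse each alert and group signatures and targets by source address."""
    by_src = defaultdict(lambda: {"sigs": set(), "targets": set(), "from_port_53": False})
    for m in filter(None, map(ALERT.search, records)):
        s = by_src[m["src"]]
        s["sigs"].add(m["sig"])
        s["targets"].add(m["dst"])
        s["from_port_53"] |= m["sport"] == "53"   # source port 53 was used at least once
    return dict(by_src)

def bind_probers(summary, min_sigs=2):
    """Sources that tripped several distinct DNS signatures, not just a stray query."""
    return sorted(src for src, s in summary.items() if len(s["sigs"]) >= min_sigs)
```

On the quoted alerts, `bind_probers(summarize(unwrap(QUOTED)))` reports the single source, which hit two hosts and three distinct signatures within two seconds.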

