Security Incidents mailing list archives
Re: More DNS scans
From: John <johns () TAMPABAY RR COM>
Date: Tue, 20 Feb 2001 00:20:44 -0500
I have seen and heard about six different Bind exploits whether it be private or public. I would guess there are tons of scripts going around to scan for Bind right now as it is not a very hard thing to do. Also people are probably blind exploiting servers in which they will scan tons of subnets and not take the time to check the Bind version, but run the exploit at all the servers one by one instead. ----- Original Message ----- From: John Pettitt <jpp () CLOUDVIEW COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Monday, February 19, 2001 12:34 AM Subject: More DNS scans : -----BEGIN PGP SIGNED MESSAGE----- : Hash: SHA1 : : Another bunch of DNS scans - is there a new script out do take advantage of : the bind bugs? : : This one is another Linux box with the default redhat apache home page on : it's web server! : : Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53 : TCP: 203.126.81.2:53 -> 216.103.77.155:53 : Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53 : TCP: 203.126.81.2:53 -> 216.103.77.156:53 : Feb 18 07:08:25 gatekeeper snort[219]: IDS277 - NAMED Iquery Probe: : 203.126.81.2:1905 -> 216.103.77.155:53 : Feb 18 07:08:26 gatekeeper snort[219]: MISC-DNS-version-query: : 203.126.81.2:1905 -> 216.103.77.155:53 : : : John Pettitt <jpp () cloudview com> AOL-IM: CanisRosa : : SigInt bait ;-) : A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap. : Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH : : : -----BEGIN PGP SIGNATURE----- : Version: PGP Personal Privacy 6.5.3 : : iQA/AwUBOpCwUqdEVMR4hjZYEQLMxwCgzItOBI2QO+yOqH1qpsOYJ5u7qx4Ani/n : pken+1ju12EehzwBAso0+RdM : =ZM9/ : -----END PGP SIGNATURE-----
Current thread:
- More DNS scans John Pettitt (Feb 19)
- Re: More DNS scans John (Feb 19)