Security Incidents mailing list archives
Re: More rootkit defense
From: gabriel rosenkoetter <gr () ECLIPSED NET>
Date: Wed, 28 Mar 2001 19:55:26 -0500
On Wed, Mar 28, 2001 at 03:48:41PM -0800, Phil Stracchino wrote:
That's like not bothering to lock the door of your house when you go away on vacation because a burglar might conceivably pick the lock, or not getting a tetanus booster because it won't protect you against hepatitis.
I suppose, but running any BIND prior to 8.2.3 is pretty much doing the same thing. It's really very little effort to upgrade and chroot compared to the effort needed to patch up after a breakin.
Is BIND9 stable yet? Last time I looked (which was only a few weeks ago), the cautions on the ISC site gave me the strong impression that it was considered to be still in beta, supported only a subset of BIND8 functionality, and in general was not recommended for use on production systems.
Erm... BIND was supposedly stable and useable as of BIND 9.1.0, which has been out for well more than a few weeks, and I'm quite content with 9.1.1rc1 (though I don't serve a massive number of zones by any means). I could not find any literature suggesting BIND9 was unstable (though it may still lack some features, it has soem new ones that are quite useful, such as views). In fact, according to http://www.isc.org/products/BIND/bind-security.html: ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to BIND version 9.1 is strongly recommended. If that is not possible for your site, upgrading at least to BIND version 8.2.3 is imperative. If memory serves, Paul Vixie said he was running BIND 9 on F (ISC's root nameserver) when he spoke at LISA this past year. BIND 8.2.3 is theoretically safe, but no one's suggesting they're doing an audit of any BIND8 source, so more problems will probably crop up and be patched in the same way. So, I'd say BIND9 is useable and ought to be used unless it still lacks some specific BIND8 feature you know you have to have. ~ g r @ eclipsed.net
Current thread:
- More rootkit defense Phil Stracchino (Mar 27)
- Message not available
- Re: More rootkit defense Phil Stracchino (Mar 27)
- Re: More rootkit defense gabriel rosenkoetter (Mar 28)
- Re: More rootkit defense Phil Stracchino (Mar 28)
- Re: More rootkit defense gabriel rosenkoetter (Mar 28)
- Re: More rootkit defense Phil Stracchino (Mar 27)
- Message not available
- Re: More rootkit defense Phil Stracchino (Mar 28)