Security Incidents mailing list archives
Re: Bind 9.2.X exploit???
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Wed, 24 Jul 2002 23:04:58 -0700 (PDT)
Yes i also found the very same tool like back in April on one of my client's compromised RH machine. I think the comments/* */ portion contains a copyright by teso. So probably, you cannot just distributed it like that, or maybe you can I'm not too sure, there have been some scene before regarding such issues with the freebsd remote telnet exploit by the same teso people. Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk --- ilker "güvercin" <holy () linuxmail org> wrote:
I found a tool on my compramised machine called bind9 and the source code is still there. its made by team teso bind9 Exploit by by scut of teso [http://teso.scene.at/]... Usage: ./bind remote_addr domainname target_id Targets: 0 - Linux RedHat 6.0 (9.2.x) 1 - Linux RedHat 6.2 (9.2.x) 2 - Linux RedHat 7.2 (9.2.x) 3 - Linux Slackware 8.0 (9.2.x) 4 - Linux Debian (all) (9.2.x) 5 - FreeBSD 3.4 (8.2.x) 6 - FreeBSD 3.5 (8.2.x) 7 - FreeBSD 4.x (8.2.x) Example usage: $ host -t ns domain.com domain.com name server dns1.domain.com $ ./bind9 dns1.domain.com domain.com 0 [..expl output..] I didnt test it; its workin or not. Anybody have knowlegde about this.Sorry for my poor english:) if anyone wanna test it I can send the source code. holy () linuxmail org ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
_____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members with email () yourgroup org by Everyone.net http://www.everyone.net/?btn=tag ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Bind 9.2.X exploit??? güvercin (Jul 24)
- Re: Bind 9.2.X exploit??? Patrick Andry (Jul 25)
- Re: Bind 9.2.X exploit??? David Conrad (Jul 25)
- Re: Bind 9.2.X exploit??? Jim Clausing (Jul 25)
- Re: Bind 9.2.X exploit??? David Conrad (Jul 25)
- Surge of attacks on ports 61127 & 61134 Joseph (Jul 25)
- Re: Bind 9.2.X exploit??? Patrick Andry (Jul 25)
- Re: Bind 9.2.X exploit??? Alexandru Balan (Jul 26)
- Re: Bind 9.2.X exploit??? David Carmean (Jul 26)
- <Possible follow-ups>
- Re: Bind 9.2.X exploit??? Muhammad Faisal Rauf Danka (Jul 25)
- Re: Bind 9.2.X exploit??? Sebastian (Jul 25)