Security Incidents mailing list archives
Re: DNS Injection Problem
From: Chip Mefford <cmefford () avwashington com>
Date: Tue, 06 May 2003 05:53:38 -0400
Blade Runner wrote:
Hi list, I am facing a serious problem here. My client works as an ISP andsomebody is injecting parameters in their DNS tables/files.
This isn't very fun.
DNS Server: bind 9.2.2 # I am focusing my attention here, looking for bugs.
bind 9.2.2 is really pretty tight. Have you paid careful attention to the "allow-update" and "allow-transfer" parameters. Also, Some folks integrate Windows Active Directory with bind 9. I don't know anything about that, but it sounds really scary.
Here it goes a scanner showing my open ports. Port State Service 21/tcp open ftp 23/tcp open telnet
You are running telnet. Lose it unless there is a REAL good reason for running it.
25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop-3 113/tcp open auth 143/tcp open imap2 In this server we do not allow telnet/rsh or any shell connection.
Yes you do.
Thanks a lot and sorry about my poor English
Your english is just fine. Don't worry about it. ----------------------------------------------------------------------------Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
Current thread:
- DNS Injection Problem Blade Runner (May 05)
- Re: DNS Injection Problem Danny (May 05)
- Re: DNS Injection Problem Glenn Forbes Fleming Larratt (May 06)
- Re: DNS Injection Problem Blade Runner (May 06)
- Re: DNS Injection Problem David Conrad (May 05)
- OT:Healthcare incidents? Paul Farley (May 06)
- RE: Healthcare incidents? Paul Farley (May 06)
- OT:Healthcare incidents? Paul Farley (May 06)
- Re: DNS Injection Problem Benjamin A. Okopnik (May 06)
- Re: DNS Injection Problem Chip Mefford (May 06)
- Re: DNS Injection Problem Þórhallur Hálfdánarson (May 06)
- Message not available
- Re: DNS Injection Problem Blade Runner (May 06)
- Re: DNS Injection Problem Danny (May 05)
- Re: DNS Injection Problem Stephen P. Berry (May 07)