Security Incidents mailing list archives
Re: DNS Injection Problem
From: Danny <danny () drexel edu>
Date: Mon, 05 May 2003 20:30:44 -0400
On Monday, May 5, 2003, at 01:11 PM, Blade Runner wrote:
OS: Slackware 8.1 kernel 2.4.20
DNS Server: bind 9.2.2 # I am focusing my attention here, looking for bugs.
Do you have bind interacting with a Windows Active Directory setup which allows clients to update / modify DNS in bind?
Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0
SquirrelMail has had quite a number of security problems in the past. Have you kept on top of the patches and updates for it in the past?
Proftpd 1.2.8 # no root or anonymous connections
Here it goes a scanner showing my open ports.
Port     State  Service
21/tcp   open   ftp
23/tcp   open   telnet
25/tcp   open   smtp
53/tcp   open   domain
80/tcp   open   http
110/tcp  open   pop-3
113/tcp  open   auth
143/tcp  open   imap2
Is this a *full* port scan using -p 1-65535 / -p- or simply nmap's default scan?
In this server we do not allow telnet/rsh or any shell connection. Since I am a newbie, I would appreciate some advice and tips.
Er, you say that you do not allow any telnet access to this server but you are running the telnet service; that's probably not a good idea. If you meant you don't allow any clients remote access to the server, I'd suggest ditching telnet and using [Open]SSH... If *no one* has remote access to this server then you should disable the telnet service.
Thanks a lot and sorry about my poor English
Danny
Network Security Engineer