Re: BIND exploited ? -UPDATE #2

To: debian-isp@lists.debian.org
Subject: Re: BIND exploited ? -UPDATE #2
From: Thedore Knab <tjk@annapolislinux.org>
Date: Sun, 6 Jan 2002 18:36:20 -0500
Message-id: <[🔎] 20020106233620.GA20716@annapolislinux.org>
In-reply-to: <[🔎] 20020105064324.GA5343@annapolislinux.org>
References: <[🔎] 20020104021646.GA24501@annapolislinux.org> <[🔎] 20020104151620.F064B372DB9@lyta.coker.com.au> <[🔎] 20020104165420.GB26204@yuggoth.net> <[🔎] 20020104181134.446893657A3@lyta.coker.com.au> <[🔎] 20020104184316.GD26204@yuggoth.net> <[🔎] 20020105064324.GA5343@annapolislinux.org>

How does this sound ?

The system has been rebuilt.

It is running Bind 9.2 chroot version on RH 7.2. Someone else built it. I prefer
Debian or OpenBSD. I will add tripwire and chkroot kit to run as a cron
job.

The harddrives will be saved for further investigation at a later date.

Since the harddrives have been modified in a hack effort to patch the
problem, I don't think it can be used as evidence.

Snort will also be installed on an OPENBSD box at the edge of the nework to monitor the
administrave network, and on the administrative network.

-Ted

Reply to:

References:
- BIND exploited ?
  - From: Thedore Knab <tjk@annapolislinux.org>
- Re: BIND exploited ?
  - From: Russell Coker <russell@coker.com.au>
- Re: BIND exploited ?
  - From: Andy Bastien <lists@yuggoth.net>
- Re: BIND exploited ?
  - From: Russell Coker <russell@coker.com.au>
- Re: BIND exploited ?
  - From: Andy Bastien <lists@yuggoth.net>
- Re: BIND exploited ? -UPDATE
  - From: Thedore Knab <tjk@annapolislinux.org>

Prev by Date: Re: BIND exploited ?
Next by Date: [OT] help with filtering chars using reg exp in PHP
Previous by thread: Re: BIND exploited ? -UPDATE
Next by thread: Re: BIND exploited ? -UPDATE
Index(es):
- Date
- Thread