Re: BIND exploited ? -UPDATE #2
How does this sound ?
The system has been rebuilt.
It is running Bind 9.2 chroot version on RH 7.2. Someone else built it. I prefer
Debian or OpenBSD. I will add tripwire and chkroot kit to run as a cron
The harddrives will be saved for further investigation at a later date.
Since the harddrives have been modified in a hack effort to patch the
problem, I don't think it can be used as evidence.
Snort will also be installed on an OPENBSD box at the edge of the nework to monitor the
administrave network, and on the administrative network.