[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 045-1] ntp remote root exploit fixed

On Thu, Apr 05, 2001 at 01:31:31PM -0500, Lindsey Simon wrote:
> I've been wondering why I get so many probes on port 53, what's the 
> popular exploit on it?

Bind (DNS) listens on that port.  Even if there weren't any current
exploits for bind, there are enough historical ones that people will
always be probing that port, looking for ancient installations that
haven't been upgraded.

There was recently a new bind exploit discovered.  The cracking frenzy
that followed has not died down yet, despite the fact that all major
vendors have fixed their systems.  See
for debian's report on the vulnerability.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpGveSDUCgw8.pgp
Description: PGP signature

Reply to: