
Yet another reason to use adaptive firewall technology. We had one of our secondary DNS servers "owned" during due to an old copy of bind. At that point, we just flat out blocked all traffic beyond DNS to that box unless it was coming<->going to our management network. We did the same thing for our colo customers who run their own DNS. One had the exploit run against their DNS server and the "ADM.ROCKS" or whatever it was file showed up in their /var/named directory but, the SK's couldn't do anything else because the only traffic that could make it to the box was DNS. I know that this won't stop the resourceful/clue-owning cracker but, it sure put a dent in the lil' bastards who were running the pre-packaged exploits!

---
John Fraizer
EnterZone, Inc

On Thu, 6 Jul 2000 jlewis@lewis.org wrote:
On Thu, 6 Jul 2000, Hal Murray wrote:
The other type is systems that have been broken into because their administrators either don't care or don't know how to run a secure system. This type of system can be used as a springboard to cause more mischief.
Even if you know how to run a secure system, all it takes is one previously unknown hole and a well connected script kiddie, and you're a springboard...at least briefly.
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
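
The DNS-only lockdown described in the first message of this thread, sketched as an added example that is not part of the original posts. It assumes a Linux host filtered with iptables; the function name dns_only_ruleset and the management network 192.0.2.0/24 are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a host that should
# speak only DNS, plus anything to or from a management network.
# 192.0.2.0/24 (TEST-NET-1) is a constructed stand-in for that network.
# Check the output before loading it:
#   dns_only_ruleset 192.0.2.0/24 | iptables-restore --test

dns_only_ruleset() {
    mgmt="$1"
    # Allow only digits, dots and exactly one slash, so the argument
    # cannot carry extra rule text into the generated ruleset.
    case "$mgmt" in
        ''|*[!0-9./]*|*/*/*) echo "bad CIDR: $mgmt" >&2; return 1 ;;
        */*) ;;
        *) echo "bad CIDR: $mgmt" >&2; return 1 ;;
    esac
    # Default-drop in BOTH directions: the egress policy is what keeps a
    # compromised named process from reaching anything except DNS peers.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -s $mgmt -j ACCEPT
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "dnsbox-in-drop "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -d $mgmt -j ACCEPT
-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "dnsbox-out-drop "
COMMIT
EOF
}
```

Lines logged with the dnsbox-out-drop prefix are worth alerting on: a name server that starts new non-DNS connections to hosts outside the management network has no routine reason to do so.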