Not a good day now stuff from here is on BBC
Major net security holes identified
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm

--
Thank you;
|--------------------------------|
| Thinking is a learned process. |
| ICANN member @large            |
| Gigabit over IP, ieee 802.17   |
| working group                  |
| Resilient Packet Transport     |
|--------------------------------|
Henry R. Linneweh
Major net security holes identified http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm
Heh, we're a news organisation. We report things as they happen ;-)

Simon
--
Simon Lockhart                      | Tel: +44 (0)1737 839676
Internet Engineering Manager        | Fax: +44 (0)1737 839516
BBC Internet Services               | Email: Simon.Lockhart@bbc.co.uk
Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
I understand that, the issue I had with this is in the presentation "Major net security holes identified", Should have read "Major net security holes fixed " this would have been fair to Paul and crew. is all I am saying.....

Simon Lockhart wrote:
Major net security holes identified http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm
Heh, we're a news organisation. We report things as they happen ;-)
Simon
--
Simon Lockhart                      | Tel: +44 (0)1737 839676
Internet Engineering Manager        | Fax: +44 (0)1737 839516
BBC Internet Services               | Email: Simon.Lockhart@bbc.co.uk
Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/

--
Thank you;
|--------------------------------|
| Thinking is a learned process. |
| ICANN member @large            |
| Gigabit over IP, ieee 802.17   |
| working group                  |
| Resilient Packet Transport     |
|--------------------------------|
Henry R. Linneweh
On Wed, 31 Jan 2001, Henry R. Linneweh wrote:
I understand that, the issue I had with this is in the presentation "Major net security holes identified", Should have read "Major net security holes fixed " this would have been fair to Paul and crew. is all I am saying.....
I think that with the remote-shell exploit just released on Bugtraq the next article will have to revert to "Major security hole found - chaos ensues". In an informal survey of about two dozen hosts (upstreams, friends, well-known corporations), myself and a coworker found that all of them were running vulnerable versions. Of course it's possible some of these are running as user "bind", maybe chrooted, maybe firewalled, but I'd bet the majority aren't. Add up all the broadband users running some unix box as their gateway and running whatever version of bind came with their distro, and I think you'll find that there will be thousands more cracked boxes come tomorrow a.m. Pair all this with the current crop of DDoS tools and I think you'll find that this is one of the worst bugs to crop up in a long time.

Charles
Simon Lockhart wrote:
Major net security holes identified http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm
Heh, we're a news organisation. We report things as they happen ;-)
Simon
--
Simon Lockhart                      | Tel: +44 (0)1737 839676
Internet Engineering Manager        | Fax: +44 (0)1737 839516
BBC Internet Services               | Email: Simon.Lockhart@bbc.co.uk
Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/

--
Thank you;
|--------------------------------|
| Thinking is a learned process. |
| ICANN member @large            |
| Gigabit over IP, ieee 802.17   |
| working group                  |
| Resilient Packet Transport     |
|--------------------------------|
Henry R. Linneweh
All of the recent list traffic got me thinking about why people aren't upgrading. Maybe some insight?

I have several name servers. I have inherited them from admins that didn't seem to know what they were doing and I cannot upgrade one of them at all. It would require a total rebuild. I have upgraded the rest to 8.2.3.

Another reason I haven't put more effort into it, is because I am waiting for two brand spanking new servers to arrive. I don't have the time to rebuild a name server I will trash in less than a week. Russian Roulette, I know.

Is it pretty common to be understaffed and overworked? I can't believe I just asked that. I am always overworked with next to no help, but it seems that recently things are worse. Is that true all around?

Anyone else in similar situations?

Also, anyone else see a HUGE increase in scans for port 53? I mean out of control scans.

jas
On Thu, Feb 01, 2001 at 02:00:51AM -0500, Jason Lewis wrote:
All of the recent list traffic got me thinking about why people aren't upgrading. Maybe some insight?
I have several name servers. I have inherited them from admins that didn't seem to know what they were doing and I cannot upgrade one of them at all. It would require a total rebuild. I have upgraded the rest to 8.2.3.
Another reason I haven't put more effort into it, is because I am waiting for two brand spanking new servers to arrive. I don't have the time to rebuild a name server I will trash in less than a week. Russian Roulette, I know.
One word: backups

Is that word even heard around offices these days? I see far too many computers and far too few tape drives.. Kinda scary.
Is it pretty common to be understaffed and overworked? I can't believe I just asked that. I am always overworked with next to no help, but it seems that recently things are worse. Is that true all around?
Anyone else in similar situations?
Oh no, not at all. It's just you. ;-)
Also, anyone else see a HUGE increase in scans for port 53? I mean out of control scans.
53, 111, and 137 are the most common scans I trap at my firewall. Interesting bit with the scans to port 53 lately is that they're hitting the port 2 and 3 times, not just the usual once to identify and then move on.

-Wayne
On Feb 1, 2001 Wayne Bouchard reported:
53, 111, and 137 are the most common scans I trap at my firewall. Interesting bit with the scans to port 53 lately is that they're hitting the port 2 and 3 times, not just the usual once to identify and then move on.
I betcha a Guinness and a smile at N21 that those are Global Load Balancers probing for distance metrics to your DNS servers on 53 and not malicious scans...

--
Rich Sena - ras@thick.net
ThickNET Consulting
"On the way to understanding; you understand, and forget."
On Fri, 2 Feb 2001, Rich Sena wrote:
On Feb 1, 2001 Wayne Bouchard reported:
53, 111, and 137 are the most common scans I trap at my firewall. Interesting bit with the scans to port 53 lately is that they're hitting the port 2 and 3 times, not just the usual once to identify and then move on.
I betcha a Guinness and a smile at N21 that those are Global Load Balancers probing for distance metrics to your DNS servers on 53 and not malicious scans...
I can see it now. Someone at Akamai cackling as they instruct all boxes to nmap every NS entry in the .com zone... :)

J
On Thu, 1 Feb 2001, Charles Sprickman wrote:
On Wed, 31 Jan 2001, Henry R. Linneweh wrote:
I understand that, the issue I had with this is in the presentation "Major net security holes identified", Should have read "Major net security holes fixed " this would have been fair to Paul and crew. is all I am saying.....
I think that with the remote-shell exploit just released on Bugtraq the next article will have to revert to "Major security hole found - chaos ensues".
Well, in typical Bugtraq script-loser fashion, the remote-shell exploit was actually a trojan to attack NAI:

\xa1\x45\x03\x96 == 161.69.3.150 == dns1.nai.com

So, it turns out it's not too awful bad of a day (unless you're NAI) and at least you still have a few minutes before a _real_ remote-shell exploit is released.

---
John Fraizer
EnterZone, Inc
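The check John Fraizer describes above, written out as an added example that is not part of the original thread: before running proof-of-concept code taken from a public list, decode the escaped byte strings in its source and look for addresses you recognise, including ones split across adjacent string literals. The sample source, the filler bytes and the function names are constructed for illustration; only the four address bytes come from the message.

```python
import ipaddress
import re

# One C string literal, tolerating escaped characters inside it.
LITERAL = re.compile(r'"((?:\\.|[^"\\])*)"')
# Inside a literal: a two-digit \xNN escape, any other escape, or a plain char.
TOKEN = re.compile(r'\\x([0-9a-fA-F]{2})|\\.|[^\\]', re.S)


def literal_bytes(source: str) -> bytes:
    """Decode all string literals in order and join them, the way a C
    compiler joins adjacent literals. Assumes two-digit \\x escapes; other
    escapes are kept as a single placeholder byte so offsets stay aligned."""
    out = bytearray()
    for lit in LITERAL.finditer(source):
        for tok in TOKEN.finditer(lit.group(1)):
            if tok.group(1):
                out.append(int(tok.group(1), 16))
            else:
                out += tok.group(0)[-1].encode("latin-1", "replace")
    return bytes(out)


def find_embedded(source: str, watchlist):
    """Return (address, byte_order, offset) for every watchlisted IPv4
    address found as four raw bytes, in network or reversed byte order."""
    data = literal_bytes(source)
    hits = []
    for addr in watchlist:
        packed = ipaddress.IPv4Address(addr).packed
        for order, needle in (("network", packed), ("reversed", packed[::-1])):
            pos = data.find(needle)
            if pos != -1:
                hits.append((addr, order, pos))
    return hits


# Constructed sample: harmless filler bytes (0x41) around the four bytes
# quoted in the message, deliberately split across two literals.
SAMPLE = r'''
char payload[] =
    "\x41\x41\x41\x41\x41\x41\xa1\x45"
    "\x03\x96\x41\x41";
'''

if __name__ == "__main__":
    for addr, order, pos in find_embedded(SAMPLE, ["161.69.3.150"]):
        print(f"{addr} embedded at byte offset {pos} ({order} order)")
```

Joining every literal in the file can produce a match that straddles two unrelated strings, so a hit is a reason to read that part of the source, not proof of intent.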
participants (8)
- Charles Sprickman
- Henry R. Linneweh
- Jason Lewis
- John Fraizer
- Joshua Goodall
- Rich Sena
- Simon Lockhart
- Wayne Bouchard