Bind version queries and/or DNS zone transfers (6 tries this night from
a server in Austria) are quite popular in these "bind NXT bug" days.
Often they are exploratory manoeuvres from script kiddies trying to
crack your DNS server.
Make sure your nameservers are running bind 8.2.2-P5. Also, defining
acls for zone transfers might be a good idea.
Fernando
_________________________________________________________________
Fernando Cardoso Phone: +351 21 7982186
Network Administrator Fax: +351 21 7982185
National Library E-mail: fernando_at_bn.pt
Portugal PGP ID: 28551CB8
> -----Original Message-----
> From: Erich Meier [mailto:Erich.Meier_at_INFORMATIK.UNI-ERLANGEN.DE]
> Sent: segunda-feira, 29 de Maio de 2000 14:02
> To: INCIDENTS_at_SECURITYFOCUS.COM
> Subject: Re: Microsoft version.binding us now?
>
>
> On Fri, May 26, 2000 at 07:11:36PM -0500, Bill Marquette wrote:
> > I've seen the following scan on some servers I admin for
> the last few days
> > from not only 207.46.106.84 but also a couple other systems
> in that /24
> > address space. So far I've seen the version.bind hits
> about 50 times. The
>
> Exactly the same here. Always polling one of my nameservers
> from 208.184.4.142
> or 207.46.106.76 addresses.
>
> No idea what they're trying to achieve.
>
> Erich
> --
> Erich Meier
> Erich.Meier_at_informatik.uni-erlangen.de
>
> http://www4.informatik.uni-erlangen.de/~meier/
>
Received on Jun 01 2000
Intro
