Security Incidents
mailing list archives
Re: DNS Injection Problem
From: Chip Mefford <cmefford () avwashington com>
Date: Tue, 06 May 2003 05:53:38 -0400
Blade Runner wrote:
> Hi list, I am facing a serious problem here. My client works as an ISP and
> somebody is injecting parameters in their DNS tables/files.

This isn't very fun.

> DNS Server: bind 9.2.2 # I am focusing my attention here, looking for
> bugs.

bind 9.2.2 is really pretty tight.
Have you paid careful attention to the
"allow-update" and "allow-transfer" parameters?

Also, some folks integrate Windows Active Directory
with bind 9. I don't know anything about that, but
it sounds really scary.

> Here it goes a scanner showing my open ports.
> Port State Service
> 21/tcp open ftp
> 23/tcp open telnet

You are running telnet. Lose it unless
there is a REAL good reason for running it.

> 25/tcp open smtp
> 53/tcp open domain
> 80/tcp open http
> 110/tcp open pop-3
> 113/tcp open auth
> 143/tcp open imap2
> In this server we do not allow telnet/rsh or any shell connection.

Yes you do.

> Thanks a lot and sorry about my poor English

Your English is just fine. Don't worry about it.
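
As an added example that is not part of the original post: a small Python audit of the "allow-update" and "allow-transfer" settings mentioned above. The named.conf text, zone names and key name are constructed, the parser is simplified (one level of nested braces, naive comment stripping), and the "unset" finding assumes the BIND 9.2 default of allowing zone transfers to all hosts.

```python
import re

# Constructed sample config; zone names, key name and addresses are placeholders.
SAMPLE_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type master; file "example.com.db";
    allow-update { any; };             // anyone may send dynamic updates
};
zone "example.net" {
    type master; file "example.net.db";
    allow-update { key "ddns-key"; };  # TSIG-authenticated updates only
    allow-transfer { 192.0.2.53; };
};
"""

BLOCK = re.compile(r'(?:options|zone\s+"([^"]+)"[^{]*?)\s*\{((?:[^{}]|\{[^{}]*\})*)\}')
ACL = re.compile(r"(allow-update|allow-transfer)\s*\{([^{}]*)\}")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit(conf):
    """Return (zone, option, problem) tuples for permissive update/transfer ACLs."""
    opts, zones = {}, {}
    for name, body in BLOCK.findall(strip_comments(conf)):
        acls = {k: [e.strip() for e in v.split(";") if e.strip()]
                for k, v in ACL.findall(body)}
        if name:
            zones[name] = acls
        else:
            opts = acls          # global options, inherited by zones
    findings = []
    for name, acls in sorted(zones.items()):
        for opt in ("allow-update", "allow-transfer"):
            acl = acls.get(opt, opts.get(opt))
            if acl is None:
                if opt == "allow-transfer":   # assumption: BIND 9.2 default
                    findings.append((name, opt, "unset, so transfers are open to all hosts"))
            elif "any" in acl:
                findings.append((name, opt, "open to any host"))
            elif (opt == "allow-update" and acl != ["none"]
                  and not any(e.startswith("key") for e in acl)):
                findings.append((name, opt, "address-based only, no TSIG key"))
    return findings

if __name__ == "__main__":
    for zone, opt, problem in audit(SAMPLE_CONF):
        print(f"{zone}: {opt}: {problem}")
```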