|
Security Incidents
mailing list archives
DNS Injection Problem
From: "Blade Runner" <blade () seven com br>
Date: Mon, 5 May 2003 14:11:06 -0300 (BRT)
Hi list, I am facing a serious problem here. My client works as an ISP and
somebody is injecting parameters in their DNS tables/files. Eventually
dial-up costumers are accessing faked home pages ( usually banks ). These
attacks were reported to the FPD ( Federal Police Dep ), but they didn't
find anything yet.
I am looking for a vulnerability in my server but it is a hard thing to do.
Maybe you, security masters, can help me with this.
This is the server configuration.
OS: Slackware 8.1 kernel 2.4.20
DNS Server: bind 9.2.2 # I am focusing my attention here, looking for bugs.
Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0
Courier-Imap 1.7.1
Qmail 1.03
Proftpd 1.2.8 # no root or anonymous connections
Here it goes a scanner showing my open ports.
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
113/tcp open auth
143/tcp open imap2
In this server we do not allow telnet/rsh or any shell connection.
Since I am a newbie, I would appreciate some advices and tips.
Thanks a lot and sorry about my poor English
--
Blade Runner - Squirrel Mail
Linux Powered
LICQ 40959703
----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-incidents
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- DNS Injection Problem Blade Runner (May 05)
|
Intro
