Major net security holes identified
BBC News | SCI/TECH | Major net security holes identified
Heh, we're a news organisation. We report things as they happen 
Simon
I understand that, the issue I had with this is in the presentation
"Major net security holes identified", Should have read "Major net
security holes fixed " this would have been fair to Paul and crew.
is all I am saying.....
Simon Lockhart wrote:
I understand that, the issue I had with this is in the presentation
"Major net security holes identified", Should have read "Major net
security holes fixed " this would have been fair to Paul and crew.
is all I am saying.....
I think that with the remote-shell exploit just released on Bugtraq the
next article will have to revert to "Major security hole found - chaos
ensues".
In an informal survey of about two dozen hosts (upstreams, friends,
well-known corporations), myself and a coworker found that all of them
were running vulnerable versions. Of course it's possible some of these
are running as user "bind", maybe chrooted, maybe firewalled, but I'd bet
the majority aren't.
Add up all the broadband users running some unix box as their gateway and
running whatever version of bind came with their distro, and I think
you'll find that there will be thousands more cracked boxes come tomorrow
a.m.
Pair all this with the current crop of DDoS tools and I think you'll find
that this is one of the worst bugs to crop up in a long time.
Charles
All of the recent list traffic got me thinking about why people aren't
upgrading. Maybe some insight?
I have several name servers. I have inherited them from admins that didn't
seem to know what they were doing and I cannot upgrade one of them at all.
It would require a total rebuild. I have upgraded the rest to 8.2.3.
Another reason I haven't put more effort into it, is because I am waiting
for two brand spanking new servers to arrive. I don't have the time to
rebuild a name server I will trash in less than a week. Russian Roulette, I
know.
Is it pretty common to be understaffed and overworked? I can't believe I
just asked that. I am always overworked with next to no help, but it seems
that recently things are worse. Is that true all around?
Anyone else in similar situations?
Also, anyone else see a HUGE increase in scans for port 53? I mean out of
control scans.
jas
All of the recent list traffic got me thinking about why people aren't
upgrading. Maybe some insight?I have several name servers. I have inherited them from admins that didn't
seem to know what they were doing and I cannot upgrade one of them at all.
It would require a total rebuild. I have upgraded the rest to 8.2.3.Another reason I haven't put more effort into it, is because I am waiting
for two brand spanking new servers to arrive. I don't have the time to
rebuild a name server I will trash in less than a week. Russian Roulette, I
know.
One word: backups
Is that word even heard around offices these days? I see far too many
computers and far too few tape drives.. Kinda scary.
Is it pretty common to be understaffed and overworked? I can't believe I
just asked that. I am always overworked with next to no help, but it seems
that recently things are worse. Is that true all around?Anyone else in similar situations?
Oh no, not at all. Its just you.
Also, anyone else see a HUGE increase in scans for port 53? I mean out of
control scans.
53, 111, and 137 are the most common scans I trap at my
firewall. Interesting bit with the scans to port 53 lately is that
they're hitting the port 2 and 3 times, not just the usual once to
identify and then move on.
-Wayne
Well, in typical Bugtraq script-loser fashion, the remote-shell exploit
was actually a trojan to attack NAI:
\xa1\x45\x03\x96 == 161.69.3.150 == dns1.nai.com
So, it turns out it's not too aweful bad of a day (unless you're NAI) and
at least you still have a few minutes before a _real_ remote-shell exploit
is released.
On Feb 1, 2001 Wayne Bouchard reported:
53, 111, and 137 are the most common scans I trap at my
firewall. Interesting bit with the scans to port 53 lately is that
they're hitting the port 2 and 3 times, not just the usual once to
identify and then move on.
I betcha a guiness and a smile at N21 that those are Global Load Balancers
probing for distance metrics to your DNS servers on 53 and not malicious
scans...
I can see it now. Someone at Akamai cackling as they instruct all boxes to
nmap every NS entry in the .com zone... 
J