Re: /var partition overflow (due to spyware?) in FreeBSD default install

From: David G. Andersen (danderse_at_cs.utah.edu)
Date: 10/24/03

  • Next message: Brett Glass: "Re: /var partition overflow (due to spyware?) in FreeBSD default install" 
    Date: Thu, 23 Oct 2003 20:46:46 -0600
To: Garance A Drosihn <drosih@rpi.edu>

    Garance A Drosihn just mooed:
    > newsyslog for the past year. I am pretty familiar with it.
    >
    > What I meant was that in circumstances where "once per hour"
    > is not fast enough, then I do not believe the right solution
    > is to rotate files every five minutes. Just MO.

    the problem is very obviously an excess of messages from bind.
    This bug report should go to the ISC folks. No daemon should
    be spewing out log messages at the _incredible_ rate that
    bind does when it decides it doesn't like what it's getting
    in this context. The same bug can be triggered by using a
    forwarding nameserver that bind doesn't like.

    The immediate question to ask is, "is this fixed in bind9?"

    If it is, you're not likely to get an answer other than
    "please upgrade." ... which seems like a pretty reasonable
    thing to do, if that's the case. Bret, try upgrading to
    bind9 and see if it still happens. If it does, then reduce
    it to the simplest test case you can and report it to the
    bind people. If it doesn't, then call yourself happy and
    let the rest of us know that it's a good way to avoid the
    problem.

      -Dave 

    -- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Brett Glass: "Re: /var partition overflow (due to spyware?) in FreeBSD default install"

    Relevant Pages

    • Re: your mail
      ... I even bought DNS and BIND from O'riley. ... For debugging Bind9, start by getting Bind to log a lot of stuff. ... continually on a busy production server. ...
      (freebsd-questions)
    • Re: Somethings happening with named
      ... potential impact of an upgrade, and since this hasn't recurred I've left it ... and decided to keep an eye on things until it happens again. ... If someone could briefly explain the versioning used by bind, ... FreeBSD: The Power To Serve - http://www.FreeBSD.org ...
      (FreeBSD-Security)
    • Re: FreeBSD 7.1 and BIND exploit
      ... Will FreeBSD 7.1 be released in time to use it as an upgrade to ... close the BIND cache poisoning hole? ... running djbdns instead, ...
      (freebsd-stable)
    • Re: BIND in chroot jail
      ... > I see the bind user is defined as BIND Sandbox, ... running Bind9 in a chroot jail is really quite easy. ... of all, with Bind9, there's no need to install the software under the ...
      (freebsd-questions)
    • Re: Errata for RedHat: how reliable?
      ... > I downloaded and applied all the errata listed at RH's site. ... > across the BIND site which told me that I *absolutely must* upgrade any ... Go for it with bind 9.2.1, if I were you, from source, with libsafe, ...
      (comp.os.linux.security)