Re: Bind 9.2.X exploit???

From: Alexandru Balan (jay@iNES.RO)
Date: 07/26/02 

From: Alexandru Balan <jay@iNES.RO>
To: ilker güvercin <holy@linuxmail.org>
Date: 26 Jul 2002 13:19:29 +0300

i asked the guy for the exploit, ran it. and it seems to fork in
background and afterwards it starts flooding with UDP packets
161.69.3.150 ;P not nice, not nice at all
On Thu, 2002-07-25 at 04:05, ilker güvercin wrote:
>
>
> I found a tool on my compramised machine called
> bind9 and the source code is still there.
> its made by team teso bind9 Exploit by by scut of
> teso [http://teso.scene.at/]...
> Usage: ./bind remote_addr domainname target_id
> Targets:
> 0 - Linux RedHat 6.0 (9.2.x)
> 1 - Linux RedHat 6.2 (9.2.x)
> 2 - Linux RedHat 7.2 (9.2.x)
> 3 - Linux Slackware 8.0 (9.2.x)
> 4 - Linux Debian (all) (9.2.x)
> 5 - FreeBSD 3.4 (8.2.x)
> 6 - FreeBSD 3.5 (8.2.x)
> 7 - FreeBSD 4.x (8.2.x)
>
> Example usage:
> $ host -t ns domain.com
> domain.com name server dns1.domain.com
> $ ./bind9 dns1.domain.com domain.com 0
> [..expl output..]
> I didnt test it; its workin or not.
> Anybody have knowlegde about this.Sorry for my
> poor english:)
> if anyone wanna test it I can send the source code.
> holy@linuxmail.org
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com 

--
Jay

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • RE: Malicious web sites
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: [incident] IIS defacement through FTP, possible DoS
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Distributed ICMP/UDP scan or attack?
    ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ... For more information on this free incident handling, management ...
    (Incidents)
  • Re: strange attacks - flood udp packets from 1030 to msql
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Can anyone identify this backdoor?
    ... > and tracking system please see: http://aris.securityfocus.com ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management ...
    (Incidents)