Re: Something new? bind dos? exploit?
From: Dan Merillat (dan_at_merillat.org)
Date: 02/17/04
- Previous message: Sean Kelly: "RE: New virus: Alua! (Bagle.B)"
- Maybe in reply to: Chip Mefford: "Something new? bind dos? exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 17 Feb 2004 20:20:41 -0000 To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <402CBDE3.3010308@avwashington.com>
(Pardon in advance for formatting problems, I'm stuck posting via the web)
Chip Mefford writes:
>Feb 13 06:55:40 hostname named[12631]: socket.c:1100: unexpected error:
>Feb 13 06:55:40 hostname named[12631]: internal_send:
>244.254.254.254#53: Invalid argument
While people have pointed out that this is basically
just a misconfigured NS record (even if deliberate) it does act as a DOS against bind9 boxes.
Hitting a bind9/linux2.4 box with queries for something in proxies.monkeys.com causes it to spew error messages to the logs, eating lots of CPU and eventually crashing bind9. The problem is that it's not treating it as an unreachable host, but reporting the error and attempting again.
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
- Previous message: Sean Kelly: "RE: New virus: Alua! (Bagle.B)"
- Maybe in reply to: Chip Mefford: "Something new? bind dos? exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
