[vox-tech] [fwd] BIND 9 denial of service exploit
Bill Kendrick
nbs at sonic.net
Thu Jul 30 19:38:00 PDT 2009
Fwd of a fwd of a fwd:
-bill!
----- Forwarded message from Graham Freeman -----
Date: Thu, 30 Jul 2009 17:57:45 -0700
From: Graham Freeman
Subject: [Cernio Colo] Fwd: [bitfolk] BIND 9 denial of service exploit
Hey, folks,
Good info from Andy Smith re protecting against BIND9 exploits.
-G
Begin forwarded message:
> From: Andy Smith
> Date: 30 July, 2009 03:22:48 PDT (CA)
> Subject: Re: [bitfolk] BIND 9 denial of service exploit
>
> Hello,
>
> On Thu, Jul 30, 2009 at 12:09:31AM +0100, Jan Henkins wrote:
>> Andy Smith wrote:
>>> If you're running BIND 9 you'll want to upgrade because of:
>>>
>>> https://www.isc.org/node/474
>>>
>>
>> Thanks! Those running Lenny and the latest Ubuntu should be OK,
>> although
>> it seems Etch is running behind (no updated debs available tonight,
>> could be tomorrow). RedHat/CentOS/Fedora people, here is what looks
>> to
>> be a useful link (could not test it, not running any of these in
>> production):
>>
>> *http://tinyurl.com/6y4rb9*
>
> For those who are unable to upgrade, you can firewall off dynamic
> update packets like so:
>
> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32
> '30>>27&0xF=5'
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> "I am the permanent milk monitor of all hobbies!" -- Simon Quinlank
----- End forwarded message -----
--
-bill!
Sent from my computer
More information about the vox-tech
mailing list