The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


more named warez


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sun, 14 Jun 1998 23:53:41 +0100
From: Gus <[email protected]>
To: [email protected]
Subject: Re: more named warez

This was mostly for my own amusement, since I am always interested in
/who/ is trying to 0wn my boxen, as well as preventing it.

When an exploit attempt is recieved, you get:
Jun 14 23:45:47 victim named[2670]: IQUERY recieved from [192.168.0.20].27447

The patch is for 4.9.6-REL, but it should work accross the board, you get
the idea, anyways.

named may be (is?) the new imapd, with all the bulk scanning that that
implies. You all know the score.



*** ns_req.c    Tue Apr  7 05:59:46 1998
--- ns_req.c.new        Thu Jun  4 13:54:07 1998
***************
*** 193,199 ****
                break;

        case IQUERY:
!               action = req_iquery(hp, &cp, eom, &buflen, msg, from);
                break;

  #ifdef BIND_NOTIFY
--- 193,201 ----
                break;

        case IQUERY:
!               hp->rcode = REFUSED;
!               action = Finish;
!               syslog(LOG_ALERT,"IQUERY recieved from %s",sin_ntoa(from));
                break;

  #ifdef BIND_NOTIFY





--
                                [email protected]

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру