Hello,
As mentioned since this Monday, 5/18, by Edward D Silver, it appears
the BIND attack on our sites might be related. I am investigating the
scope of the attack and solicit your input. Please tell me the time
your servers were attacked and OS. We had at least twelve servers
impacted at our site. Also, if a core file (e.g., /etc/namedb/core)
was created, send me the command(s) the hacker tried to get named to execute.
For example, use the strings command and search for telnet, ftp, or 666.
I will summarize. If you don't want me to list your name on the summary,
then let me know and I will only use your information as statistics.
For a patch, contact Digital CSC.
--
Regards,
Richard Jackson
Computer Center Lead Engineer
Mgr, Central Systems & Dept. UNIX Consulting
University Computing & Information Systems (UCIS)
George Mason University, Fairfax, Virginia
Received on Thu May 21 1998 - 23:17:40 NZST