[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Fwd: [EXPL] BIND 8.2.2-P5 DoS vulnerability(exploit, BIND_ZXFR)
- Subject: Re: [cobalt-security] Fwd: [EXPL] BIND 8.2.2-P5 DoS vulnerability(exploit, BIND_ZXFR)
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Fri, 10 Nov 2000 01:20:30 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"Jeff Lovell" <jlovell@xxxxxxxxxx> wrote
> As a measure to prevent attacks, you can add the following
> to the options section in your /etc/named.conf
>
> allow-transfer { none; };
>
> and run /etc/rc.d/init.d/named restart
>
> Here is the modified default named.conf:
>
> options { directory "/etc/named"; allow-transfer { none; }; };
> zone "." { type hint; file "db.cache"; };
>
> See if that will stop it from crashing for now. But you
> will not be able to do zone transfers. If you still need
> to do zone transfers, put in the address/net to allow access.
>
> 'man named.conf' for more details.
>
> Jeff
>
BINDv8.2.2 patchlevel 7 has been released on the ISC web/ftp site. An
announcement should be out soon.
Gerald