JL> Date: Tue, 04 Jun 2002 17:05:36 -0700
JL> From: Jeff Lasman

JL> So you can always write one. If you've got a second DNS
JL> server (or more) and automatically restart bind within 15
JL> minutes, then you're probably reasonably safe until a fix
JL> comes out, even if you are running bind 9.x.

I disagree. Someone could DoS it once every five seconds.

UDP is much easier to forge than TCP. (Anyone else recall remote NTP exploit not too long ago?) Too many networks don't filter egress. Backtracing packets can be challenging; with the wrong upstream, it's nigh on impossible.

Even if you backtrace, will you get all the sources? There are some ugly botnets out there. What's to say someone won't write a BIND-killing module? Perhaps the chances are small, but it's well within reason. Tracing hundreds or thousands of compromised hosts just isn't feasible.

Run non-vulnerable software. Consider running honeypots.

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
