On Thu, Apr 05, 2001 at 01:31:31PM -0500, Lindsey Simon wrote: > I've been wondering why I get so many probes on port 53, what's the > popular exploit on it?
Bind (DNS) listens on that port. Even if there weren't any current exploits for bind, there are enough historical ones that people will always be probing that port, looking for ancient installations that haven't been upgraded. There was recently a new bind exploit discovered. The cracking frenzy that followed has not died down yet, despite the fact that all major vendors have fixed their systems. See http://www.debian.org/security/2001/dsa-026 for debian's report on the vulnerability. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
pgpKB2CRfggfd.pgp
Description: PGP signature
