Re: [arch-general] Bind 9.6.1-1 patched against dynamic update ddos?

2009-08-03 Thread K. Piche
On Wed, 2009-07-29 at 18:37 +0200, RedShift wrote:
> Fredrik Eriksson wrote:
> > Hi,
> > I've seen that there's a dynamic update ddos attack that is widely
> > available on the net and after looking for the solution it seems that
> > bind's latest patch (9.6.1-P1) solves this problem.
> >
> > So my question is more like this, is extra/bind 9.6.1-1 in the
> > repository the same as bind 9.6.1-P1?
> > The build date of the current package in extra/ says the 18 July but the
> > homepage of BIND says the latest patch was published the 28 July.
> >
> > Best regards
> > Fredrik Eriksson
> >
> >
>
> According to a commenter on the slashdot news article about this issue, this
> should provide a temporary countermeasure:
>
> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
>
> haven't tested it myself though...

The current version 9.6.1.P1-1 in extra corrects the issue.

k


> Glenn
-- 
K. Piche kpi...@rogers.com



[arch-general] Bind 9.6.1-1 patched against dynamic update ddos?

2009-07-29 Thread Fredrik Eriksson

Hi,
I've seen that there's a dynamic update ddos attack that is widely 
available on the net and after looking for the solution it seems that 
bind's latest patch (9.6.1-P1) solves this problem.


So my question is more like this, is extra/bind 9.6.1-1 in the 
repository the same as bind 9.6.1-P1?
The build date of the current package in extra/ says the 18 July but the 
homepage of BIND says the latest patch was published the 28 July.


Best regards
Fredrik Eriksson


Re: [arch-general] Bind 9.6.1-1 patched against dynamic update ddos?

2009-07-29 Thread Damien Churchill
2009/7/29 Fredrik Eriksson fredrik.eriks...@gigabit.nu:
> Hi,
> I've seen that there's a dynamic update ddos attack that is widely available
> on the net and after looking for the solution it seems that bind's latest
> patch (9.6.1-P1) solves this problem.
>
> So my question is more like this, is extra/bind 9.6.1-1 in the repository
> the same as bind 9.6.1-P1?
> The build date of the current package in extra/ says the 18 July but the
> homepage of BIND says the latest patch was published the 28 July.
>
> Best regards
> Fredrik Eriksson


Judging by the Ubuntu package version it is P2 that fixes the current
ddos issue; I haven't read too much into it though, so I could be wrong.


Re: [arch-general] Bind 9.6.1-1 patched against dynamic update ddos?

2009-07-29 Thread Fredrik Eriksson

Damien Churchill wrote:

> 2009/7/29 Fredrik Eriksson fredrik.eriks...@gigabit.nu:
> > Hi,
> > I've seen that there's a dynamic update ddos attack that is widely available
> > on the net and after looking for the solution it seems that bind's latest
> > patch (9.6.1-P1) solves this problem.
> >
> > So my question is more like this, is extra/bind 9.6.1-1 in the repository
> > the same as bind 9.6.1-P1?
> > The build date of the current package in extra/ says the 18 July but the
> > homepage of BIND says the latest patch was published the 28 July.
> >
> > Best regards
> > Fredrik Eriksson
>
> Judging by the Ubuntu package version it is P2 that fixes the current
> ddos issue; I haven't read too much into it though, so I could be wrong.

I checked their mail sent (again just to be sure :P) to FD this morning.
Their patches were for versions 9.3.2-2, 9.4.2 P2 and 9.5.0 P2.


Best regards
Fredrik Eriksson


Re: [arch-general] Bind 9.6.1-1 patched against dynamic update ddos?

2009-07-29 Thread RedShift

Fredrik Eriksson wrote:

> Hi,
> I've seen that there's a dynamic update ddos attack that is widely
> available on the net and after looking for the solution it seems that
> bind's latest patch (9.6.1-P1) solves this problem.
>
> So my question is more like this, is extra/bind 9.6.1-1 in the
> repository the same as bind 9.6.1-P1?
> The build date of the current package in extra/ says the 18 July but the
> homepage of BIND says the latest patch was published the 28 July.
>
> Best regards
> Fredrik Eriksson

According to a commenter on the slashdot news article about this issue, this
should provide a temporary countermeasure:

iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

haven't tested it myself though...


Glenn
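To make the u32 expression in that rule checkable, the following Python is an added example, not from the thread and not from any BIND or iptables source. It reproduces the arithmetic of the iptables u32 match ('30>>27&0xF=5': load the big-endian 32-bit word at byte offset 30 of the IP packet, shift right 27, mask with 0xF, compare with 5, the DNS UPDATE opcode) on constructed IPv4/UDP/DNS packets, and compares it with a proper header parse. The packet builder, the function names and the sample addresses are my own constructions.

```python
"""Reproduce what the iptables u32 expression '30>>27&0xF=5' tests (added example)."""
import struct

# u32 offsets count from the start of the IPv4 header. With a 20-byte IPv4
# header (no options) and an 8-byte UDP header, the DNS header begins at
# offset 28 and its 16-bit flags word (QR bit + 4-bit opcode + ...) at 30.
IPV4_HEADER_LEN = 20
UDP_HEADER_LEN = 8

OPCODE_QUERY = 0
OPCODE_UPDATE = 5  # RFC 2136 dynamic update


def build_udp_dns_packet(opcode, qdcount=1, ip_options=b""):
    """Build a minimal IPv4/UDP datagram carrying a DNS header (constructed test data).

    ip_options lets us model an IPv4 header longer than 20 bytes, which shifts
    every fixed u32 offset.
    """
    flags = (opcode & 0xF) << 11  # QR=0, opcode occupies bits 14..11
    dns_header = struct.pack("!HHHHHH", 0x1234, flags, qdcount, 0, 0, 0)
    udp_len = UDP_HEADER_LEN + len(dns_header)
    udp_header = struct.pack("!HHHH", 40000, 53, udp_len, 0)  # checksum left 0
    ihl = (IPV4_HEADER_LEN + len(ip_options)) // 4
    total_len = ihl * 4 + udp_len
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, total_len, 0, 0, 64, 17, 0,
        b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02",  # constructed RFC 1918 addresses
    ) + ip_options
    return ip_header + udp_header + dns_header


def u32_match(packet, offset=30, shift=27, mask=0xF):
    """Evaluate 'offset>>shift&mask' the way the u32 module does.

    Returns None when the packet is too short to load 4 bytes at offset
    (u32 treats that as a failed match).
    """
    if len(packet) < offset + 4:
        return None
    word = struct.unpack("!I", packet[offset:offset + 4])[0]
    return (word >> shift) & mask


def rule_would_drop(packet):
    """True if the rule from the thread would DROP this UDP/53 packet."""
    return u32_match(packet) == OPCODE_UPDATE


def opcode_from_dns_header(packet):
    """Ground truth: honour the IHL field, skip UDP, read the opcode from the DNS flags."""
    ihl_bytes = (packet[0] & 0x0F) * 4
    start = ihl_bytes + UDP_HEADER_LEN + 2
    flags = struct.unpack("!H", packet[start:start + 2])[0]
    return (flags >> 11) & 0xF


if __name__ == "__main__":
    for label, pkt in [
        ("query", build_udp_dns_packet(OPCODE_QUERY)),
        ("update", build_udp_dns_packet(OPCODE_UPDATE)),
        ("update+ip options", build_udp_dns_packet(OPCODE_UPDATE, ip_options=b"\x01" * 4)),
    ]:
        print(f"{label:18s} real opcode={opcode_from_dns_header(pkt)} "
              f"u32 sees={u32_match(pkt)} drop={rule_would_drop(pkt)}")
```

Two caveats fall straight out of the arithmetic. The offset 30 assumes a 20-byte IPv4 header, so a packet carrying IP options (the third case above) slips past the rule even though it is an UPDATE; the u32 module can rebase on the IHL with its `@` operator (a form such as `0>>22&0x3C@10>>27&0xF=5` follows from the u32 documentation, but that variant is my own derivation and untested here). The rule also only matches UDP, while dynamic updates may arrive over TCP as well. Both are reasons to treat it as the stop-gap the poster calls it and rely on the patched package K. Piche points to.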