Michael,
It sounds like the same thing I got hit by, the named exploit.
Check in /var/named and see if there is a directory called ADMROCKS
if so, grab the updated named, or dont run named.
Portsentry wouldnt really stop this if you had named open anyway.
And I suggest a bit of firewalling, and portsentry, if you like to watch logs.
Sam
P.S. Is it a good thing that RR is on the orbs list?
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
