bind (wasRe: [plug] Mandrake & Printing)

Christian christian at global.net.au
Wed Feb 23 14:38:18 WST 2000


Bret Busby wrote:
> Answers:
> On my computer (RH 5.2) bind-8.1.2-5
> On firewall/gateway (RH 6.0) bind-8.2-6

Are these DNS servers doing anything useful?  I'll assume the answer is
'no'...

> Oh, S**T!
> 
> >From http://www.redhat.com/mailing-lists/linux-security/1999-11/msg00003.html
> it appears that my computer is okay, but that the firewall is not! (DOS attack
> on our computers is unlikely to occur, and does not affect dialup, I hope)
> 
> As a person with little knowledge of systems admin of Linux, it sounds all quite
> complicated!

Instead of focusing on the specific issue (i.e., your computer with a
very vulnerable piece of software running on it), let's focus on the
general issue: why is your home machine running a DNS server?  There are
two explanations for this: 1)  You installed it mistakenly and 2)  Your
distribution installed it without really consulting you.  Of course, the
real answer is probably a combination of the two: your distribution
probably suggested that you install it and you, not really knowing what
it was, just agreed.  How many people do you think are affected by this
sort of situation?  A conservative estimate is probably about half of
the people who install Linux...  The conclusion is obvious: either
educate all these people properly about what they are doing so they can
make intelligent choices or have vendors take proper responsibility for
the software that gets installed.  Unfortunately, both these solutions
seem rather unlikely at present.

Back to your specific situation, my advice would be to immediately
remove BIND from both your machines.  It would also be valuable to run,
say, 'ps auxw|less' and check what other, probably unwanted, servers you
are running.  A command like "netstat -a |egrep 'LISTEN|udp'|grep -v
unix" will also show you want services you are running and on what
interfaces.

Regards,

Christian.



More information about the plug mailing list