On Tue, Jan 30, 2001 at 11:49:08AM +0000, Peter Bates wrote:
> Hello all...
> Has anyone enough details on the signature
> of the new BIND exploit
> (http://www.securityfocus.com/news/144 , CERT, etc.)
> to say whether current snort rulesets would catch
> the activity, or whether a new one needs to be crafted?
From the CERT advisory,
The vulnerabilities described in VU#196945, VU#572183, and VU#868916
have been successfully exploited by COVERT Labs in a laboratory
environment. To the best of our knowledge, no exploits have been
released to the public."
I have still not seen reports of in-the-wild exploits. In the mean
time, watch for version.bind queries, BUT FIRST UPGRADE YOUR BIND!
Crist J. Clark cjclark@...