From: Raffy [mailto:suse@raffy.ch]
I have an vulnerable bind running on a server (.... I know ! ) . Today the service was not running any more. I found nothing in the Sounds like an exploit that was some time ago on BugTraq. Somebody might have tried to do an unapproved zone-transfer using the compression flag.
named-xfer (... i won't continue with the command, but some people know what I mean). That causes named to fail and shut down. I don't know about logging though. It was logged in my logfile, but as I am paranoid, named logs almost everything it does. As Roman already said, update your bind-daemon a.s.a.p. to avoid being exploited. -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS/CM/IT/P d@ s: !a C++(+) UL++++$ P++ L+++(++++)@ E---- W+++ N+ o? K? w O- M- V- PS PE- Y+ PGP++ t+ 5 X+ R* tv+ b++ DI? D-- G> e@> h!> ------END GEEK CODE BLOCK------ See http://www.ebb.org/ungeek/ on details.