RE: [lug-bg: FW: CERT Advisory CA-2000-20]
- Subject: RE: [lug-bg: FW: CERT Advisory CA-2000-20]
- From: bkrosnov@xxxxxxxxx (Boyan Krosnov)
- Date: Fri, 17 Nov 2000 12:06:09 +0200
Hi,
I am convinced that many people on this list did not know about the problem, and
the problem exists with every normally configured name server for which no
special measures have been taken...
For example (before this became a widely known problem) I had never seen a name
server that forbids listing of 127.in-addr.arpa., which it is obliged to
serve :)
And just to note, it is not the servers that "do" zone transfers that are
affected, but the servers that *allow* zone transfers.
Exactly! It *CAN* be restricted with ACLs in BIND, and it can also be
restricted with IP access lists (or call them ipchains if you like) if
you do not want any queries at all made from outside to your name server, BUT
hardly anyone has thought of doing that just for the fun of it :).
kind regards,
--
Boyan Krosnov (http://www.nat.bg/~bkrosnov)
Network Administrator
Lirex BG Ltd.
> -----Original Message-----
> From: sheib@xxxxxxx [mailto:sheib@xxxxxxx]
> Sent: Friday, November 17, 2000 12:18 PM
> To: lug-bg@xxxxxxxxxxxxxxxxxx
> Subject: Re: [lug-bg: FW: CERT Advisory CA-2000-20]
>
>
> >Boyan Krosnov <bkrosnov@xxxxxxxxx> wrote:
> >a bit too late, but you still may not have heard yet...
> >
> >this is a big problem, and if you are the administrator of a name server,
> >take measures.
> >
> >--
> >Boyan Krosnov (http://www.nat.bg/~bkrosnov)
> >Network Administrator
> >Lirex BG Ltd.
>
>
> Bravo to Boyan <bkrosnov at lirex dot com>
> for reading bugtraq, commendable.
> True, it is late - the advisory came out a week ago.
> But it is not a "big problem", since the *only* ones affected are
> the name servers that do zone transfers, i.e. the traffic that takes place
> in the LAN or WAN, for example. This zone transfer can be restricted
> or completely stopped from named.conf via ACL lists. So I see no
> room for panic and paranoia.
>
>
> -- patch-8.2.2-P5 --
> src/bin/named/ns_xfr.c
> @@ -97,7 +97,8 @@
> "unsupported XFR (type %s) of \"%s\" (%s) to %s",
> p_type(type), zones[zone].z_origin, p_class(class),
> sin_ntoa(qsp->s_from));
> - goto abort;
> + (void) shutdown(qsp->s_rfd, 2);
> + goto abort2;
> }
> #ifdef SO_SNDBUF
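Review bot: the unsupported-XFR branch no longer reaches sq_remove(qsp), which the old "goto abort;" ran before returning, and nothing in the hunk says why. A one-line comment above the new shutdown() call, stating who is expected to clean up qsp on this path, would keep the next reader from treating the missing sq_remove as an oversight.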
> @@ -195,11 +196,13 @@
> type = ns_t_axfr;
> }
> if (sx_pushlev(qsp, znp) < 0) {
> +
> abort:
> (void) shutdown(qsp->s_rfd, 2);
> sq_remove(qsp);
> return;
> }
> + abort2:
> if (type != ns_t_ixfr)
> (void) sq_writeh(qsp, sx_sendsoa);
> else
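Review bot: abort2: sits directly above "if (type != ns_t_ixfr)", so the error path that jumps here continues into sq_writeh(qsp, sx_sendsoa) or the else branch on a stream whose descriptor was shut down just before the jump. If the aim is only to leave without calling sq_remove(qsp), a plain "return;" after the shutdown() call, as in the context-diff fragment quoted further down, says that directly and needs no second label. The added blank line before abort: looks accidental and can be dropped.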
> "unsupported XFR (type %s) of \"%s\" (%s) to %s",
> p_type(type), zones[zone].z_origin, p_class(class),
> sin_ntoa(qsp->s_from));
> ! goto abort;
> }
> #ifdef SO_SNDBUF
> "unsupported XFR (type %s) of \"%s\" (%s) to %s",
> p_type(type), zones[zone].z_origin, p_class(class),
> sin_ntoa(qsp->s_from));
> ! (void) shutdown(qsp->s_rfd, 2);
> ! return;
> }
> #ifdef SO_SNDBUF
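The BIND ACL restriction that both messages refer to, as an added example that is not part of the original e-mails: a named.conf fragment that denies zone transfers by default and opens them only to a named peer list. The ACL name, the address (a documentation range), the example.org zone and the file names are assumptions.

```conf
// Constructed example, not taken from the thread.
// "xfer-peers", 192.0.2.53, example.org and the file names are placeholders.

acl "xfer-peers" {
    192.0.2.53;                 // assumed secondary name server
};

options {
    directory "/var/named";
    // Server-wide default: refuse zone transfers unless a zone overrides it.
    allow-transfer { none; };
};

// Weak form, for comparison: with no allow-transfer in the zone or in
// options, the BIND 8 default is to allow transfers from any host.
//
// zone "example.org" {
//     type master;
//     file "db.example.org";
// };

// Corrected form: only the listed secondaries may transfer this zone.
zone "example.org" {
    type master;
    file "db.example.org";
    allow-transfer { "xfer-peers"; };
};

// The loopback reverse zone mentioned above has no secondaries, so it
// simply inherits allow-transfer { none; } from options.
zone "127.in-addr.arpa" {
    type master;
    file "db.127";
};
```

An address-based ACL only limits who may request a transfer; the listed secondaries can still send such requests, so the fix in the quoted patch is still needed on servers that allow transfers to anyone.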
==================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
Unsubscribing WORKS !!! : Majordomo@xxxxxxxxxxxxxxxxxx UNSUBSCRIBE LUG-BG
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora