aaa sadas das2006-03-02T20:06:45ZpLogCopyright (c) aaaaaatag:post:www.blognic.net,2006-03-02:1564Vorstellung: meine Fav-blogs2006-03-02T20:06:45Z2006-03-02T20:06:452006-03-02T20:06:45Z<A href="http://spammer.blog.de/">spammer.blog.de/</A> <A href="http://blog1.de/aaaaaa">blog1.de/aaaaaa</A> <A ...aaaaaahttp://aaaaaa.blognic.net/345_aaa_sadas_dasseowebspace@web.de
Allgemein
<A href="http://spammer.blog.de/">spammer.blog.de/</A> <A href="http://blog1.de/aaaaaa">blog1.de/aaaaaa</A> <A href="http://geier.blog-writer.de">eier.blog-writer.de</A> <A href="http://geier.20six.de/">geier.20six.de</A> <A href="http://aaaaaa.beeplog.de">aaaaaa.beeplog.de</A> <A href="http://aaaaaa.blogecke.de/">aaaaaa.blogecke.de</A> <A href="http://aaaaaa.blogg.de">aaaaaa.blogg.de</A> <A href="http://bloggermania.de/aaaaaa">bloggermania.de/aaaaaa</A> <A href="http://aaaaaa.blogianer.de/">aaaaaa.blogianer.de</A> <A href="http://aaaaaa.blogya.de/aaaaaa/">aaaaaa.blogya.de/aaaaaa/</A> <A href="http://aaaaaa.blogy.de">aaaaaa.blogy.de</A> <A href="http://aaaaaa.blogtiger.de">aaaaaa.blogtiger.de</A> <A href="http://aaaaaa.blogster.de/">aaaaaa.blogster.de</A> <A href="http://aaaaaa.blogstart.de">aaaaaa.blogstart.de</A> <A href="http://aaaaaa.blogsport.de">aaaaaa.blogstart.de</A> <A href="http://aaaaaa.blognic.net/">aaaaaa.blognic.net</A> <A href="http://aaaaaa.blogger.de">aaaaaa.blogger.de</A> <A href="http://blogmonster.de/aaaaaa">blogmonster.de/aaaaaa</A> <A href="http://aaaaaa.yourblog.de/">aaaaaa.yourblog.de</A> <A href="http://aaaaaa.twoday.net/">aaaaaa.twoday.net</A> <A href="http://www.tell-it.net/dsf_sdf">www.tell-it.net/dsf_sdf</A> <A href="http://aaaaaa.meinweblog.com">aaaaaa.meinweblog.com</A> <A href="http://www.sponsorblogs.de/aaaaaa/">www.sponsorblogs.de/aaaaaa</A> <A href="http://myblog.de/bbbbbbb/">myblog.de/bbbbbbb</A> <A href="http://aaaaaa.simpleblog.org/">aaaaaa.simpleblog.org</A> ODer KURZ <a href="http://spammer.blog.de/">http://spammer.blog.de/</a> <a href="http://blog1.de/aaaaaa">http://blog1.de/aaaaaa</a> <a href="http://geier.blog-writer.de">http://geier.blog-writer.de</a> <a href="http://geier.20six.de/">http://geier.20six.de/</a> <a href="http://aaaaaa.beeplog.de">http://aaaaaa.beeplog.de</a> <a href="http://aaaaaa.blogecke.de/">http://aaaaaa.blogecke.de/</a> <a href="http://aaaaaa.blogg.de">http://aaaaaa.blogg.de</a> <a href="http://bloggermania.de/aaaaaa">http://bloggermania.de/aaaaaa</a> <a href="http://aaaaaa.blogianer.de/">http://aaaaaa.blogianer.de/</a> <a href="http://aaaaaa.blogya.de/aaaaaa/">http://aaaaaa.blogya.de/aaaaaa/</a> <a href="http://aaaaaa.blogy.de">http://aaaaaa.blogy.de</a> <a href="http://aaaaaa.blogtiger.de">http://aaaaaa.blogtiger.de</a> <a href="http://aaaaaa.blogster.de/">http://aaaaaa.blogster.de/</a> <a href="http://aaaaaa.blogstart.de">http://aaaaaa.blogstart.de</a> <a href="http://aaaaaa.blogsport.de">http://aaaaaa.blogsport.de</a> <a href="http://aaaaaa.blognic.net/">http://aaaaaa.blognic.net/</a> <a href="http://aaaaaa.blogger.de">http://aaaaaa.blogger.de</a> <a href="http://blogmonster.de/aaaaaa">http://blogmonster.de/aaaaaa</a> <a href="http://aaaaaa.yourblog.de/">http://aaaaaa.yourblog.de/</a> <a href="http://aaaaaa.twoday.net/">http://aaaaaa.twoday.net/</a> <a href="http://www.tell-it.net/dsf_sdf">http://www.tell-it.net/dsf_sdf</a> <a href="http://aaaaaa.meinweblog.com">http://aaaaaa.meinweblog.com</a> <a href="http://www.sponsorblogs.de/aaaaaa/">http://www.sponsorblogs.de/aaaaaa/</a> <a href="http://myblog.de/bbbbbbb/">http://myblog.de/bbbbbbb/</a> <a href="http://aaaaaa.simpleblog.org/">http://aaaaaa.simpleblog.org/</a><br/>
tag:post:www.blognic.net,2006-03-01:1562DAS IST DER TITEL2006-03-01T13:00:15Z2006-03-01T13:00:152006-03-01T13:00:15Z <PRE>--------------------------------------------------> #!/bin/bash echo 'bind_nuke c Artur Skawina skawina@usa.net' nsupdate <<END update delete x.$1 A ...aaaaaahttp://aaaaaa.blognic.net/345_aaa_sadas_dasseowebspace@web.de
Allgemein
<p><PRE>--------------------------------------------------&gt;</p><p>#!/bin/bash</p><p /><p>echo 'bind_nuke c Artur Skawina <a href="mailto:skawina@usa.net'">skawina@usa.net'</a></p><p /><p>nsupdate &lt;&lt;END</p><p>update delete x.$1 A</p><p>update add x.$1 60 IN A 3.2.3.6</p><p>update delete x.$1 A</p><p /><p>END</p><p>&lt;--------------------------------------------------</p><p /><p>when executed as "bind_nuke bogus.org" on a host, that bogus.org's</p><p>primary NS is configured to accept updates from, will cause named</p><p>to silently die. Nothing in the logs, nothing on the console.</p><p>After a number of similar packets has been received by named any</p><p>subsequent attempt to run it will only result in a Segmentation Fault.</p><p>[and there's "spoofing"...]</p><p /><p>The problem seems to be that bind can not handle updating the</p><p>same RR more than once in the same DNS packet.</p><p>And as it saves the update requests in the &lt;zone&gt;.log file</p><p>and attempts to perform the updates again when restarted,</p><p>the bug is triggered again...</p><p /><p>The bug is present in both bind8.1 and bind8.1.1.</p><p>With bind8.1 one such DU packet was enough to prevent named from runing,</p><p>until the /var/named/pri/&lt;zone&gt;.log file was removed/edited.</p><p>Bind 8.1.1 needs a few packets but usually &lt;=3 before this happens</p><p>named still dies after only one packet, but it is sometimes possible to</p><p>restart it w/o any immediate errors/warnings.</p><p /><p /><p>----------------------------------------------------</p><p /><p>This workaround won't work for the attack listed, but it's still useful to</p><p>know..</p><p /><p>If you're using named 8.*, it can be run out of inittab with the</p><p>non-daemonising switch.</p><p /><p>On linuxen:</p><p /><p>/etc/inittab</p><p /><p>bi:2345:respawn:/usr/sbin/named -f</p><p /><p>At least this way, should it die, it'll come back within seconds.</p><p /><p>-----------------------------------------------------</p><p /><p /><p>If you don't enable updates for a zone, or you enable them only from hosts</p><p>within an intelligent source routing prohibited, source addresses checked</p><p>firewall, bind is immune to the "bind_nuke" attack published here recently.</p><p /><p>updates aren't on by default, and according to rfc 2136 dns updates are not</p><p>recommended except from "localhost" which is assumed to be secure. though</p><p>i wish that more system vendors would disallow source-address 127.0.0.1 from</p><p>coming in off the network. for this reason we have not published a patch</p><p>to bind-8.1.1. i expect that we will put bind-8.1.2 into beta testing in a</p><p>few weeks. note that we still won't have support for rfc 2137 or TSIG; if</p><p>any system vendors would like to fund that effort, we'd love to work on it.</p><p /><p>mountain. molehill.</p><p /><p /><p>------------------------------------------------------</p><p></PRE></p><br/>
tag:post:www.blognic.net,2006-02-28:1561Herzlichen Glückwunsch!2006-02-28T21:15:56Z2006-02-28T21:15:562006-02-28T21:15:56ZWenn Sie diesen Artikel lesen können, war die Registrierung erfolgreich und Sie können direkt mit dem Bloggen beginnen. aaaaaahttp://aaaaaa.blognic.net/345_aaa_sadas_dasseowebspace@web.de
Allgemein
Wenn Sie diesen Artikel lesen können, war die Registrierung erfolgreich und Sie können direkt mit dem Bloggen beginnen.<br/>