Re: DNS Injection Problem

From: Danny <danny(at)drexel.edu>
Date: Mon May 05 2003 - 20:30:44 EDT

On Monday, May 5, 2003, at 01:11 PM, Blade Runner wrote:
>
> OS: Slackware 8.1 kernel 2.4.20

Do you have bind interacting with a windows Active Directory Setup which allows clients to update / modify DNS in bind?

> Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0

Squirrel Mail has had quite a number of security problems in the past, Have you kept on top of the patches and updates for it in the past?

>
> Proftpd 1.2.8 # no root or anonymous connections

Is this a *full* port scan using -p 1-65535 / -p- or simply nmaps default scan?

>
>
> In this server we do not allow telnet/rsh or any shell connection.

Er, you say that you do not allow any telnet access to this server but you are running the telnet service, thats probably not a good idea, If you meant you don't allow any clients remote access to the server i'd suggest ditching telnet and using [Open]SSH... If *noone* has remote access to this server than you should disable the telnet service.

>
> Thanks a lot and sorry about my poor English

Danny
Network Security Engineer

---

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents

---

Received on Mon May 5 20:34:23 2003