Re: BIND vulnerability




Kenneth Porter wrote:
> Slashdot carried this story yesterday on a BIND vulnerability:
> 
> <http://it.slashdot.org/story/09/07/29/0028231/New-DoS-Vulnerability-In-All-Versions-of-BIND-9>
> 

According to a commenter, this should provide a temporary countermeasure:

iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

Haven't tested it, would like to know the results...


Glenn



> The upstream report:
> 
> <https://www.isc.org/node/474>
> 
> Red Hat's Bugzilla:
> 
> <https://bugzilla.redhat.com/show_bug.cgi?id=514292>
> 
> From what I'm reading, if one has an Internet-facing master for a zone, one 
> is vulnerable, even if dynamic DNS isn't being used.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
> 
> 
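
What the u32 expression in the rule above tests, as an added example that is not part of the original post: it reads the 32-bit word at byte 30 of the IP packet and keeps the 4-bit DNS opcode, matching 5 (UPDATE, RFC 2136). The packets and the helper names (`build_packet`, `u32_rule_matches`, `dns_opcode`) are constructed for illustration and assume IPv4 with zeroed checksums.

```python
import struct

def build_packet(opcode: int, ip_options: bytes = b"") -> bytes:
    """Constructed IPv4/UDP/DNS packet to port 53 (checksums left at zero)."""
    zone = b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1)  # SOA, IN
    flags = (opcode & 0xF) << 11                                 # QR=0
    dns = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + zone
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)
    ihl_words = 5 + len(ip_options) // 4      # options must be 4-byte padded
    total = ihl_words * 4 + len(udp) + len(dns)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp + dns

def u32_rule_matches(ip_packet: bytes) -> bool:
    """Evaluate '30>>27&0xF=5': big-endian word at byte 30, shift, mask, compare.

    With a 20-byte IP header and 8-byte UDP header, byte 30 is the first byte
    of the DNS flags field (QR bit, then the 4-bit opcode).
    """
    if len(ip_packet) < 34:
        return False                 # a read past the end is a non-match
    (word,) = struct.unpack_from("!I", ip_packet, 30)
    return (word >> 27) & 0xF == 5

def dns_opcode(ip_packet: bytes) -> int:
    """Opcode located via the real IP header length, for comparison."""
    ihl = (ip_packet[0] & 0x0F) * 4
    (flags,) = struct.unpack_from("!H", ip_packet, ihl + 8 + 2)
    return (flags >> 11) & 0xF

if __name__ == "__main__":
    samples = [
        ("standard query", build_packet(0)),
        ("UPDATE", build_packet(5)),
        # Four bytes of IP options (NOP, NOP, NOP, EOL) shift the DNS header.
        ("UPDATE + IP options", build_packet(5, b"\x01\x01\x01\x00")),
    ]
    for label, pkt in samples:
        print(f"{label:22} opcode={dns_opcode(pkt)} "
              f"rule_drops={u32_rule_matches(pkt)}")
```

The third sample shows the limit of a fixed offset: with IP options present, byte 30 falls in the UDP checksum, so the rule no longer inspects the opcode. The rule also covers only UDP, so DNS over TCP port 53 is untouched by it.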

