[LWN Logo]
[Timeline]
Date:         Wed, 7 Feb 2001 22:38:44 -0300
From: "Osvaldo J. Filho" <osvaldojaneri@UOL.COM.BR>
Subject:      Logging named version requests
To: INCIDENTS@SECURITYFOCUS.COM

	With all these bind bug buzzing, I did a (very) small patch to
(sys)log que version request for the latest 8.x.x named (8.2.3-REL). It
can be found at http://brsec.xnext.com.br/named-patch.tgz.

	I think this is really important to keep a eye on intruders
looking for vulnerable servers on your network.

	A example of the output on my /var/log/messages looks like:

Feb  7 21:42:19 kbyte named[12434]: ALERT: Version requested from
10.0.0.1.  Answering 8.2.3-REL


Thank you for the time.
---
Osvaldo J. Filho 				osvaldojaneri@uol.com.br
Unix Security Specialist
The Omega Project (Secure Linux) Coordinator 	http://omegaproject.cjb.net
BrSec Coordinator
---