Date: Wed, 7 Feb 2001 22:38:44 -0300 From: "Osvaldo J. Filho" <osvaldojaneri@UOL.COM.BR> Subject: Logging named version requests To: INCIDENTS@SECURITYFOCUS.COM With all these bind bug buzzing, I did a (very) small patch to (sys)log que version request for the latest 8.x.x named (8.2.3-REL). It can be found at http://brsec.xnext.com.br/named-patch.tgz. I think this is really important to keep a eye on intruders looking for vulnerable servers on your network. A example of the output on my /var/log/messages looks like: Feb 7 21:42:19 kbyte named[12434]: ALERT: Version requested from 10.0.0.1. Answering 8.2.3-REL Thank you for the time. --- Osvaldo J. Filho osvaldojaneri@uol.com.br Unix Security Specialist The Omega Project (Secure Linux) Coordinator http://omegaproject.cjb.net BrSec Coordinator ---