[Snort-users] New BIND exploit...

Borja Marcos borjamar at ...778...
Tue Jan 30 07:55:47 EST 2001

Peter Bates wrote:
> Hello all...
> Has anyone enough details on the signature
> of the new BIND exploit
> (http://www.securityfocus.com/news/144 , CERT, etc.)
> to say whether current snort rulesets would catch
> the activity, or whether a new one needs to be crafted?

	I haven't seen any exploits, but have detected an increase
on bind.version queries.

	Someone from is scanning all the .es
nameservers, it seems.



More information about the Snort-users mailing list