[Snort-users] New BIND exploit...

Borja Marcos borjamar at ...778...
Tue Jan 30 07:55:47 EST 2001


Peter Bates wrote:
> 
> Hello all...
> 
> Has anyone enough details on the signature
> of the new BIND exploit
> (http://www.securityfocus.com/news/144 , CERT, etc.)
> to say whether current snort rulesets would catch
> the activity, or whether a new one needs to be crafted?

	I haven't seen any exploits, but have detected an increase
on bind.version queries.

	Someone from 210.178.239.1 is scanning all the .es
nameservers, it seems.

	Regards,






	Borja.




More information about the Snort-users mailing list