[Snort-users] New BIND exploit...

Vitaly McLain twistah at ...93...
Tue Jan 30 20:34:12 EST 2001


>> I have still not seen reports of in-the-wild exploits.

I saw something on the Incidents list about a day or so before the BIND
advisory came out about a system being cracked through BIND. The victim said
(IIRC) that he found a directory (?) named "ron1n" on his system. I will
venture a guess at the fact that this the same "ron1n" that released the
rpc.statd exploit for Linux. (I am not saying he cracked box, but probably
wrote an exploit.)

Vitaly McLain
twistah at ...93...
twistah @ OPN & EfNet
"If you don't turn on to politics, politics will turn on you."
       - Ralph Nader





More information about the Snort-users mailing list