Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:252 |
Message | DNS named iquery attempt |
Summary | This event is generated when an attempt is made to send an inverse query to a DNS server. This could indicate a future attack. |
Impact | Intelligence gathering. This is just an attempt to see if the DNS server responds to such a query. |
Detailed Information | Certain versions of BIND fail to propery bound data recieved when handling an inverse query. Upon being copied to memory, portions of the program can be overwritten and arbitrary commands can be run on the affected host. |
Affected Systems | BIND pre 8.1.2 / 4.9.8 |
Attack Scenarios | An attacker can send the reverse query and if the server responds the attacker might then proceed to exploit the flaw in Bind. |
Ease of Attack | Simple. Exploit code is available. |
Corrective Action | Upgrade BIND. |
Additional References | RFC: http://www.rfc-editor.org/rfc/rfc1035.txt Bugtraq: http://www.securityfocus.com/bid/134 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0009 Arachnids: http://www.whitehats.com/info/IDS277 |
Rule References | arachnids: 277 bugtraq: 134 cve: 1999-0009 url: www.rfc-editor.org/rfc/rfc1035.txt |
--
DID:311223
--
http://www.aanval.com/