Internet Security Systems

DNS BIND version request

advICE : Intrusions : 2000417
Summary

Somebody has scanned your system looking for the version of BIND that it is running.

Details

The BIND DNS server has a feature whereby its database contains a CHAOS/TXT record with the name "VERSION.BIND". If somebody queries this record, the version of the BIND software will be returned.

This event triggers whenever anybody does such a lookup. This is not an attack in itself, but a simple reconnaissance scan. However, if the returned version number is something like "4.9.6-REL" or "8.2.1", then it indicates that you have one of the known versions of BIND that can be broken into with a buffer overflow exploit.

If the hacker finds a vulnerable version of the software running, the next step will be to break into your system using the appropriate exploit script.

More information

Intrusion: NXT overflow
A bug in versions 8.2 and 8.2.1 that allows hackers to break into the DNS system.

Intrusion: IQUERY overflow
A bug in version 4.9.6 that allows a hacker to break in.

advICE: dig
An example of a tool that you can use to query the BIND version number in this manner.

Official BIND site

DNS
More about the DNS service.

Version appeared: 2.1 
