Am 07.02.2017 um 23:31 schrieb Alberto Colosi:
lucky you say
zombie host and hijacked resourced poisoned DNS are not an hack
In years as Security Desk Seat I had at leat one attack from zombie
hosts from a US University. Admins even not known was hacked.
Target of hackers is not only credit cards or other so valuable things.
Even only a zombie host is a valuable item for them.
yeah, but why should they be so dumb and set your dns zone to the values
24 hours before so that you notice the issue and much better question:
from where do they have the exactly data of your own zone 24 hours before?
try "chattr +i" on your zonefile so that it can't be touched and with
some luck the stuff trying to replace it will error out in cronmails or
syslog
------------------------------------------------------------------------
*From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of Alan
Clegg <a...@clegg.com>
*Sent:* Tuesday, February 7, 2017 10:48 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: bind 9 goes rogue and revert zone information
On 2/7/17 8:42 AM, Alberto Colosi wrote:
IP ports not open does not mean is not hacked.
a vulnerability can be used to make a change or an access
Occam's razor... if you were a hacker and broke into someone's DNS
server, would the thing that you focus on be resetting the data every 24
hours?
This isn't a hack, this is a screwed up backup/restore or virtualization
configuration.
Don't waste time chasing ghosts
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
