On 07.02.2017 at 23:31, Alberto Colosi wrote:
lucky you say

zombie host and hijacked resources poisoned DNS are not a hack

In years as Security Desk Seat I had at least one attack from zombie
hosts from a US University. Admins even not known was hacked.

Target of hackers is not only credit cards or other so valuable things.
Even only a zombie host is a valuable item for them.

yeah, but why should they be so dumb and set your dns zone to the values 24 hours before so that you notice the issue and much better question: from where do they have the exact data of your own zone 24 hours before?

try "chattr +i" on your zonefile so that it can't be touched and with some luck the stuff trying to replace it will error out in cronmails or syslog

------------------------------------------------------------------------
*From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of Alan
Clegg <a...@clegg.com>
*Sent:* Tuesday, February 7, 2017 10:48 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: bind 9 goes rogue and revert zone information

On 2/7/17 8:42 AM, Alberto Colosi wrote:
IP ports not open does not mean is not hacked.

a vulnerability can be used to make a change or an access

Occam's razor... if you were a hacker and broke into someone's DNS
server, would the thing that you focus on be resetting the data every 24
hours?

This isn't a hack, this is a screwed up backup/restore or virtualization
configuration.

Don't waste time chasing ghosts
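
Added example, not part of the thread and not BIND's own tooling: a shell check that tells a zone file put back to an older copy (lower SOA serial) apart from a normal update, next to the `chattr +i` suggestion from the reply above. The function names and the state-file layout are assumptions made here, and serials are compared as plain integers, ignoring RFC 1982 wraparound.

```shell
#!/bin/sh
# Added example: detect a zone file being replaced by an older copy.
# Function names and the state-file format are hypothetical.

# Print the SOA serial: the first all-digit token after the SOA keyword.
soa_serial() {
    awk '
        { sub(/;.*/, "") }                      # drop zone-file comments
        {
            for (i = 1; i <= NF; i++) {
                if (seen && $i ~ /^[0-9]+$/) { print $i; exit }
                if ($i == "SOA") seen = 1
            }
        }' "$1"
}

# Record "<sha256> <serial>" for zone file $1 in state file $2.
zone_baseline() {
    printf '%s %s\n' "$(sha256sum < "$1" | cut -d' ' -f1)" "$(soa_serial "$1")" > "$2"
}

# Compare zone file $1 with baseline $2 and print one verdict:
#   unchanged | updated | reverted | edited-same-serial
zone_check() {
    read -r old_hash old_serial < "$2"
    new_hash=$(sha256sum < "$1" | cut -d' ' -f1)
    new_serial=$(soa_serial "$1")
    if [ "$new_hash" = "$old_hash" ]; then
        echo unchanged
    elif [ "$new_serial" -gt "$old_serial" ]; then
        echo updated
    elif [ "$new_serial" -lt "$old_serial" ]; then
        echo reverted      # an older serial came back: suspect a restore or sync job
    else
        echo edited-same-serial
    fi
}

# The thread's suggestion: make the file immutable (needs root and a
# filesystem that supports the attribute) so whatever rewrites it fails
# and shows up in cron mail or syslog.
lock_zone() {
    chattr +i "$1" && lsattr "$1"
}
```

Run `zone_baseline` after each intended edit and `zone_check` from cron; a `reverted` verdict that recurs on a fixed schedule points at a scheduled job rather than at an intruder.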