As a hint for other sysadmins: until a fixed Debian package is available, this iptables rule should filter all DNS UPDATE packets, thus mitigating the attack:
    iptables -A INPUT -p udp --dport 53 -m u32 --u32 '30>>27&0xF=5' -j DROP

Works for me, but no guarantee. I have added a second rule which logs said DNS UPDATE packets, and I have already got several such packets from the outside world, so the exploit is clearly in active use and the least you can do is to try the iptables rule.

Regards
Michael

--
It's an insane world, but I'm proud to be a part of it. -- Bill Hicks
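The u32 expression in the rule above works because, in an IPv4 packet with a 20-byte header, the DNS flags word sits at byte offset 30 and the 4-bit opcode occupies bits 14..11 of it; shifting the 32-bit load right by 27 and masking with 0xF leaves exactly the opcode, and 5 is UPDATE. The following Python script is an added example, not part of Michael's post, that emulates that xt_u32 evaluation on constructed IPv4/UDP/DNS packets and compares it with a proper header parse. It also shows the one caveat a practitioner would want to know: the fixed offset 30 assumes no IP options (IHL = 5), so an UPDATE carried in a packet with options slips past the rule. The packets are constructed in the script, not captured traffic.

```python
"""Emulate the xt_u32 match `30>>27&0xF=5` on constructed IPv4/UDP/DNS packets.

Added example, not from the original mailing-list post. All packets are built
inline below; none is captured traffic.
"""
import struct

DNS_OPCODE_QUERY = 0
DNS_OPCODE_UPDATE = 5
U32_OFFSET = 30      # byte offset of the DNS flags word when IHL == 5
U32_SHIFT = 27       # drops everything below the 5 bits QR + opcode
U32_MASK = 0xF       # strips the QR bit, leaving the 4-bit opcode


def build_packet(opcode: int, ihl_words: int = 5) -> bytes:
    """Build a minimal IPv4 + UDP + DNS header carrying the given DNS opcode.

    ihl_words is the IPv4 header length in 32-bit words (5 = no options).
    Checksums are left zero: nothing here verifies them, and the u32 match
    never looks at them.
    """
    options = b"\x00" * (4 * (ihl_words - 5))
    dns_flags = (opcode & 0xF) << 11          # QR=0, opcode in bits 14..11
    # 12-byte DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    dns = struct.pack("!HHHHHH", 0x1234, dns_flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", 4096, 53, 8 + len(dns), 0)
    total_len = 4 * ihl_words + len(udp) + len(dns)
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, total_len, 0, 0, 64, 17, 0,
        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]),   # RFC 5737 test addresses
    ) + options
    return ip + udp + dns


def u32_match(packet: bytes) -> bool:
    """Evaluate `30>>27&0xF=5` the way xt_u32 does.

    Load the big-endian 32-bit word at byte offset 30 of the IP packet, shift
    right 27, mask with 0xF, compare with 5. xt_u32 fails the match if the
    load would read past the end of the packet.
    """
    if len(packet) < U32_OFFSET + 4:
        return False
    word = struct.unpack_from("!I", packet, U32_OFFSET)[0]
    return (word >> U32_SHIFT) & U32_MASK == DNS_OPCODE_UPDATE


def dns_opcode(packet: bytes) -> int:
    """Parse the DNS opcode properly, honouring the IPv4 header length (IHL)."""
    ihl_bytes = (packet[0] & 0x0F) * 4
    flags_offset = ihl_bytes + 8 + 2          # past UDP header and DNS ID
    flags = struct.unpack_from("!H", packet, flags_offset)[0]
    return (flags >> 11) & 0xF


def rule_misses_update_with_ip_options() -> bool:
    """True when a real UPDATE with IP options (IHL=6) is not caught by the rule."""
    pkt = build_packet(DNS_OPCODE_UPDATE, ihl_words=6)
    return dns_opcode(pkt) == DNS_OPCODE_UPDATE and not u32_match(pkt)


if __name__ == "__main__":
    for name, pkt in [
        ("query, IHL=5", build_packet(DNS_OPCODE_QUERY)),
        ("update, IHL=5", build_packet(DNS_OPCODE_UPDATE)),
        ("update, IHL=6", build_packet(DNS_OPCODE_UPDATE, ihl_words=6)),
    ]:
        print(f"{name:14s} opcode={dns_opcode(pkt)} u32 DROP={u32_match(pkt)}")
```

The IHL=6 case is the gap: with four bytes of IP options the fixed offset 30 lands on the UDP checksum and DNS ID instead of the flags, so the rule neither drops nor logs that UPDATE. Options on inbound DNS traffic are rare, but it is a reason to treat the rule as a stopgap rather than a replacement for the fixed package.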