[CentOS] DNS wizard

Thu Dec 29 21:41:42 UTC 2005
Bryan J. Smith <thebs413 at earthlink.net>

Sam Drinkard <sam at wa4phy.net> wrote:
> I was more curious why it was considered lame server
whereas
> prior to CentOS, it worked well, and was not considered
lame
> under BSD.

No difference.

ISC BIND v8 (used by both Linux and BSD IIRC) had a lot of
buffer overflows and other holes.  I personally got hit by
one in 8.2.1 -- although that was my fault.  I stupidly
hadn't updated for 4 months since the first BIND shell
exploits became available, which was 5 months later than when
the patches/upgrades appeared (meaning I was out-of-date by 9
months total).  It took me a bit, but I discovered a rootkit
was installed -- but only because the original compromiser
left his original BIND shell running.

Luckily the system was in its own DMZ, and I did not use the
same passwords for anything else.

Today I use both host and network IDSes, and catch these
things when they happen -- even at home.


-- 
Bryan J. Smith     Professional, Technical Annoyance                      b.j.smith at ieee.org      http://thebs413.blogspot.com
----------------------------------------------------
*** Speed doesn't kill, difference in speed does ***