RedShift napsal(a): > According to a commenter, this should provide a temporary countermeasure: > > iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5' > > Haven't tested it, would like to know the results... > Well, good point, but Centos does not ship libipt_u32.so. Even more Centos 4.x is now undergoing rebuild process, so no updates even security updates are being released. Which is something I can accept. Those looking for patched bind for Centos 4.x may use packages I have built with CVE-2009-0696 patch. http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.html http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html Regards, David Hrbáč