> > Our network consists of aaa.bbb.ccc.0/19. That's CIDR notation for > 8,192 addresses. > But what has that got to do with "www.yahoo.com moved into our /19" .... your comment is pretty unclear. > > IMHO, fully updated purpose-built servers running 4.8 should have more > or less the same vulnerablity profile as 5.5 IFF RH is doing a good > job of backporting security fixes. > Why are you so sure it was a bind issue? What logs/research has come to that conclusion? Would bind 9.7 really have helped you if you were hacked or was your vulnerability elsewhere - and if so where? Was this the same server that you posted where you had mangled the install with force reinstalling rpms from SL and/or oracle that you posted about before for instance? > I am supported in that statement by my mentor at FedEx but NOT by my > mentor at Internet2. > Your mentor? What do you mean by that? > > We installed openssl-1.0.0c Jan 23 20:30 27 minutes after filing the > original post IIRC. If you were so gung ho about security that you wanted bleeding edge bind even newer than current centos 5 why are you so out of date on your openssl libraries. Given that you are out of date on those as per your previous posts would the currently released bind on rhel5 iff it was already on c5 really have been installed? If you were that desperate you could have built the srpms yourself.... or taken 9.7 from c5-testing. You have posted the same rubbish over and over without any substantiation with wild allegations. Post details if you need help or just please stop ranting to no point. James