[lug] CHAOS

John Hernandez John.Hernandez at noaa.gov
Tue Feb 27 16:14:01 MST 2001


It's not an exploit in and of itself.  It's there as an informational and debugging tool, but many folks use it for the wrong purposes.  There are ways to restrict access to the information (via ACL's), or otherwise modify it to your liking.

With BIND 9, you can use the following to control the output.

options {
  version "0.91-Beta-running-as-root-with-loads-of-juicy-exploitable-bugs" ;
}

So have some fun ;)

charles at lunarmedia.net wrote:
> 
> guys-
> i've got a guy doing lookups on my nameserver with class=CHAOS and
> type=TXT. i think there is an exploit where if you do a lookup on "bind"
> or something like that it returns the version of bind you're running.
> 
> i have a timestamp for when the guy is trying the query, any suggestions
> on how i can grab his ip addr?
> 
> thanks -cjm
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



More information about the LUG mailing list