[arch-general] Bind 9.6.1-1 patched against dynamic update ddos?
Hi, I've seen that there's a dynamic update ddos attack that is widely available on the net and after looking for the solution it seems that bind's latest patch (9.6.1-P1) solves this problem.

So my question is more like this, is extra/bind 9.6.1-1 in the repository the same as bind 9.6.1-P1? The build date of the current package in extra/ says the 18 July but the homepage of BIND says the latest patch was published the 28 July.

Best regards
Fredrik Eriksson

2009/7/29 Fredrik Eriksson <fredrik.eriksson@gigabit.nu>:
> Hi, I've seen that there's a dynamic update ddos attack that is widely available on the net and after looking for the solution it seems that bind's latest patch (9.6.1-P1) solves this problem.
>
> So my question is more like this, is extra/bind 9.6.1-1 in the repository the same as bind 9.6.1-P1? The build date of the current package in extra/ says the 18 July but the homepage of BIND says the latest patch was published the 28 July.
>
> Best regards
> Fredrik Eriksson

Judging by the Ubuntu package version it is P2 that fixes the current ddos issue, not read too much into it though so I could be wrong.

Damien Churchill wrote:
> 2009/7/29 Fredrik Eriksson <fredrik.eriksson@gigabit.nu>:
>> Hi, I've seen that there's a dynamic update ddos attack that is widely available on the net and after looking for the solution it seems that bind's latest patch (9.6.1-P1) solves this problem.
>>
>> So my question is more like this, is extra/bind 9.6.1-1 in the repository the same as bind 9.6.1-P1? The build date of the current package in extra/ says the 18 July but the homepage of BIND says the latest patch was published the 28 July.
>>
>> Best regards
>> Fredrik Eriksson
>
> Judging by the Ubuntu package version it is P2 that fixes the current ddos issue, not read too much into it though so I could be wrong.

I checked their mail sent (again just to be sure :P) to FD this morning. Their patches were for versions 9.3.2-2, 9.4.2 P2 and 9.5.0 P2.

Best regards
Fredrik Eriksson

Fredrik Eriksson wrote:
> Hi, I've seen that there's a dynamic update ddos attack that is widely available on the net and after looking for the solution it seems that bind's latest patch (9.6.1-P1) solves this problem.
>
> So my question is more like this, is extra/bind 9.6.1-1 in the repository the same as bind 9.6.1-P1? The build date of the current package in extra/ says the 18 July but the homepage of BIND says the latest patch was published the 28 July.
>
> Best regards
> Fredrik Eriksson

According to a commenter on the slashdot news article about this issue, this should provide a temporary countermeasure:

iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

haven't tested it myself though...

Glenn

On Wed, 2009-07-29 at 18:37 +0200, RedShift wrote:
> Fredrik Eriksson wrote:
>> Hi, I've seen that there's a dynamic update ddos attack that is widely available on the net and after looking for the solution it seems that bind's latest patch (9.6.1-P1) solves this problem.
>>
>> So my question is more like this, is extra/bind 9.6.1-1 in the repository the same as bind 9.6.1-P1? The build date of the current package in extra/ says the 18 July but the homepage of BIND says the latest patch was published the 28 July.
>>
>> Best regards
>> Fredrik Eriksson
>
> According to a commenter on the slashdot news article about this issue, this should provide a temporary countermeasure:
>
> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
>
> haven't tested it myself though...

The current version 9.6.1.P1-1 in extra corrects the issue.

k

> Glenn

--
K. Piche <kpiche@rogers.com>

participants (4)
- Damien Churchill
- Fredrik Eriksson
- K. Piche
- RedShift
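
What the u32 test in the iptables rule quoted in this thread actually matches, as an added example that is not part of any poster's message: the expression reads the 32-bit word at byte 30 of the IP packet and compares four of its bits, the DNS opcode, against 5 (UPDATE). The packets are constructed samples, the function names are hypothetical, and the offsets assume an IPv4 header of 20 bytes (no options) followed by the 8-byte UDP header.

```python
import struct

OPCODE_QUERY, OPCODE_NOTIFY, OPCODE_UPDATE = 0, 4, 5   # 5 = UPDATE (RFC 2136)

def dns_header(opcode, qr=0, msg_id=0x1234):
    """12-byte DNS header. Flags word: QR (1 bit), opcode (4 bits), the rest zero."""
    flags = (qr << 15) | ((opcode & 0xF) << 11)
    return struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)

def ipv4_udp(payload, dport=53):
    """Constructed datagram: 20-byte IPv4 header (assumed: no options) plus an
    8-byte UDP header. Documentation addresses; checksums left at zero."""
    udp = struct.pack("!4H", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + udp

def u32_match(packet, offset=30, shift=27, mask=0xF, value=5):
    """Evaluate '30>>27&0xF=5': read the big-endian 32-bit word `offset` bytes
    from the start of the IP header, then apply the operators left to right.
    A packet too short to supply that word does not match."""
    if len(packet) < offset + 4:
        return False
    (word,) = struct.unpack_from("!I", packet, offset)
    return ((word >> shift) & mask) == value

def explain(packet):
    """Decode the field the rule inspects: 20 (IP) + 8 (UDP) + 2 (DNS ID) = 30."""
    (flags,) = struct.unpack_from("!H", packet, 30)
    return {"qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "dropped": u32_match(packet)}

if __name__ == "__main__":
    samples = [("standard query", dns_header(OPCODE_QUERY)),
               ("notify", dns_header(OPCODE_NOTIFY)),
               ("dynamic update", dns_header(OPCODE_UPDATE)),
               ("update response", dns_header(OPCODE_UPDATE, qr=1))]
    for name, hdr in samples:
        print(f"{name:16} {explain(ipv4_udp(hdr))}")
```

Because the test keys only on the opcode bits, the rule drops every UDP DNS UPDATE message arriving on port 53, legitimate dynamic updates included, and the `&0xF` mask discards the QR bit, so responses carrying opcode 5 match as well.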