[dns-operations] CVE 2015-8000 actively exploited yesterday

bert hubert bert.hubert at netherlabs.nl
Thu Dec 17 08:42:44 UTC 2015


On Thu, Dec 17, 2015 at 09:05:49AM +0100, Anand Buddhdev wrote:
> On 17/12/15 02:49, Robert Edmonds wrote:
> 
> > RHEL 7 is systemd-based (so it doesn't help the original poster, who's
> > running RHEL 6, which is upstart-based), so this is basically a
> 
> Actually, upstart is also a supervisor, so it can keep BIND alive. On
> our CentOS 6 servers, we have /etc/init/named.conf, containing:

PowerDNS has had functionality like this for years, it does not work very
well against nastygrams. As long as a single packet can kill you, an
attacker can effectively keep you down for as long as he wants by sending
some more packets. One packets/second should do it.

	Bert



More information about the dns-operations mailing list