> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Rick Rosinski
> Sent: Friday, March 23, 2001 12:15 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
>
>
> Would this affect a Slackware 7.x system? I noticed that I don't have any
> "bind" in my paths.
> ---

Try typing (as root) "ps aux|less" and scroll up and down to see if "named" is running. This will tell for sure.

I can't imagine any reason for named/bind to be installed on any workstation configuration, as it is strictly a network server daemon. If you are running Linux as a masquerade/firewall/router box, you may have installed bind; if you did, you surely should know whether it is installed or not.

Only 2 scenarios here. 1 is that you plan to provide domain name services to the public internet, in which case you better get up to speed on bind, up to date, and spend a lot of time learning how to chroot, because it is probably more a question of when it gets hacked than if it gets hacked.

Scenario 2 is that you are providing DNS services to a local LAN, in which case you MUST block the DNS packets from coming through your firewall. On the 2.2-xxx kernel:

    /sbin/ipchains -A input -j REJECT (or DENY) -i (public ethernet interface) -p tcp -s 0.0.0.0/0 -d (public ipaddress) domain

and also

    /sbin/ipchains -A input -j REJECT (or DENY) -i (public ethernet interface) -p udp -s 0.0.0.0/0 -d (public ipaddress) domain

Replace (public ethernet interface) with eth0, eth1, whichever is appropriate.
Replace (public ipaddress) with your public/internet IP address.

You need to block both tcp & udp because DNS packets can be either.

As one who has experienced bind exploits, I speak with experience.

Craig
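
An added example, not part of the original message: a small audit that reads ipchains commands in the form shown above and reports which of tcp/udp still lacks a REJECT/DENY rule for the domain port on the public interface. The function names, the 192.0.2.10 address and the sample rules are constructed for illustration; it assumes one rule per line, no "!" negation, and no earlier ACCEPT rule that would match first. Note that ipchains reads a source given without a mask as a single host, so such a rule does not count as blocking "any source".

```shell
#!/bin/sh
# audit_dns_block IFACE  (hypothetical helper; reads ipchains commands on stdin)
# Prints "tcp" and/or "udp" for each protocol that has no input rule which
# REJECTs or DENYs the domain port (53) on IFACE from any source address.
audit_dns_block() {
    awk -v iface="$1" '
    /ipchains/ && / -A input / {
        proto = target = inif = src = port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i") inif = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") port = $(i + 2)  # ipchains: port follows the address
        }
        if (port ~ /^-/) port = ""                # next token was another option
        # No -s at all, or a /0 mask, means any source. A bare address is one host.
        any_src = (src == "" || src ~ /\/0(\.0\.0\.0)?$/)
        if ((target == "REJECT" || target == "DENY") && any_src &&
            (inif == "" || inif == iface) &&
            (port == "domain" || port == "53"))
            covered[proto] = 1
    }
    END {
        if (!("tcp" in covered)) print "tcp"
        if (!("udp" in covered)) print "udp"
    }'
}

# Constructed sample rules (not from the post). The udp rule gives the source
# without a mask, so it only matches packets from the host 0.0.0.0.
sample_rules() {
    cat <<'EOF'
/sbin/ipchains -A input -j DENY -i eth0 -p tcp -s 0.0.0.0/0 -d 192.0.2.10 domain
/sbin/ipchains -A input -j DENY -i eth0 -p udp -s 0.0.0.0 -d 192.0.2.10 domain
EOF
}

# Reports the protocols still reachable on eth0 for the sample above.
sample_rules | audit_dns_block eth0
```
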