GEN:SID 1:252
Message DNS named iquery attempt
Summary This event is generated when an attempt is made to send an inverse query
to a DNS server. This could indicate a future attack.
Impact Intelligence gathering. This is just an attempt to see if the DNS server
responds to such a query.
Detailed Information Certain versions of BIND fail to propery bound data recieved when
handling an inverse query. Upon being copied to memory, portions of the
program can be overwritten and arbitrary commands can be run on the
affected host.
Affected Systems BIND pre 8.1.2 / 4.9.8
Attack Scenarios An attacker can send the reverse query and if the server responds the
attacker might then proceed to exploit the flaw in Bind.
Ease of Attack Simple. Exploit code is available.
Corrective Action Upgrade BIND.
Additional References RFC:
http://www.rfc-editor.org/rfc/rfc1035.txt

Bugtraq:
http://www.securityfocus.com/bid/134

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0009

Arachnids:
http://www.whitehats.com/info/IDS277
Rule References arachnids: 277
bugtraq: 134
cve: 1999-0009
url: www.rfc-editor.org/rfc/rfc1035.txt