North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Reasons why BIND isn't being upgraded
- From: Paul Vixie
- Date: Thu Feb 01 21:10:53 2001
Simon@wretched.demon.co.uk (Simon Waters) writes:
> The ISC.ORG web site recommends leaving the BIND version string
> unchanged to assist in troubleshooting.
> I remain unconvinced that showing the version string helps much.
it helped you with your survey, didn't it?
hiding it doesn't help at all. people who want to know if you're vulnerable
and to what have tools to find out.
hiding it DOES however make it harder for people (including network owners)
to do surveys.
until, that is, somebody breaks into a server using some published hole and
then modifies the version string so the admin's periodic audit won't show it
as needing to be upgraded. so -- don't believe it if it says you're safe,
use indications of unsafety as reasons to prioritize those servers for a