Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Reasons why BIND isn't being upgraded

  • From: Paul Vixie
  • Date: Thu Feb 01 21:10:53 2001

Simon@wretched.demon.co.uk (Simon Waters) writes:

> The ISC.ORG web site recommends leaving the BIND version string
> unchanged to assist in troubleshooting. 
> 
> I remain unconvinced that showing the version string helps much.

it helped you with your survey, didn't it?

hiding it doesn't help at all.  people who want to know if you're vulnerable
and to what have tools to find out.

hiding it DOES however make it harder for people (including network owners)
to do surveys.

until, that is, somebody breaks into a server using some published hole and
then modifies the version string so the admin's periodic audit won't show it
as needing to be upgraded.  so -- don't believe it if it says you're safe,
use indications of unsafety as reasons to prioritize those servers for a
closer audit.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.