Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Reasons why BIND isn't being upgraded

  • From: Greg A. Woods
  • Date: Thu Feb 01 23:21:12 2001

[ On Thursday, February 1, 2001 at 21:13:20 (-0500), Adam McKenna wrote: ]
> Subject: Re: Reasons why BIND isn't being upgraded
>
> I always thought that it was regarded as generally good security practice to
> give out as little information about your systems as possible, and none at
> all if you can help it.  The BIND version should at least only be accessible
> from a set of defined IP addresses, defaulting to 127/8.

Not necessarily.

As Paul has shown, and as I and others have explained in other forums,
hiding the version identifier in this case can obscure the presense of
an older buggy version that's in desparate need of upgrading.

Only the most simplistic and poorly designed exploits would trust the
version identifier anyway, *especially* after these kinds of discussions!  ;-)

Never try to hide something that's plainly obvious on some other level.
It only makes people more curious, and I'm including those wearing grey
and black hats in "people" here.....

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.