Security concern
Marc Storck
marc at storck.org
Fri May 18 01:13:47 UTC 2001
Hello,
I run BIND 8.2.3-REL, and I have the following in my named.conf
options {
directory "/etc/named";
forwarders { 195.206.105.1; 194.154.192.102; };
allow-transfer { 195.206.104.0/22; 205.189.73.123; };
version {"God save Grand Duke Heng of Luxembourg!"};
};
zone "." { type hint; file "db.cache"; };
zone "...............
..........
But your nslookup command still gives me
Server: domain.tld
Address: aaa.bbb.ccc.ddd
VERSION.BIND text = "8.2.3-REL"
Did I make something wrong?
Thank you very much for your help...
Marc
-----Message d'origine-----
De : Lordy <bind at lordy.de>
À : bind-users at isc.org <bind-users at isc.org>
Date : Freitag, 18. Mai 2001 02:43
Objet : Re: Security concern
>
>Hi Alan,
>
>this probably means that the user did something like:
>
>nslookup -q=TXT -class=CHAOS version.bind your.nameserver.com
>
>If you haven't changed the default settings the user now knows that
>you are running version 4.9.3-BETA26 and might think about attacking
>your nameserver.
>
>For security reasons you should think about putting something like
>this into your BIND configuration file:
>
>options {
> version { "GO AWAY !" };
>};
>
>After this users will not be able to find out which version of BIND you
>are running.
>
>Regards,
>Lordy
>
>At 23:20 17.05.01 +0100, you wrote:
>
>>Im failry new to bind and so was a little disturbed when i saw the
>>following enty in my logs:
>>
>>/nnn.nnn.nnn.nnn/VERSION.BIND/TXT
>>
>>from a cable user where nnn is ip
>>
>>im runnnig veriosn 4.9.3-BETA 26 if that help... i have heard of a worm
>>around but can see none of it's effects
>>
>>Alan Woodalnd
>
>
More information about the bind-users
mailing list