BIND Version reveal.

Mark_Andrews at isc.org
Thu Jun 3 14:20:58 UTC 1999


> 
> Hi,
> 
> I read in some security papers that determining the DNS version
> number can give an attacker the necessary advantage for a known security problem.

	Yes, though from experience most attacks are done blind.
	The best way to avoid a successful attack is to stay current.
	Hiding the version may make things a little harder but it is
	still possible to determine which version of BIND you are
	running just by probing with regular queries.  Each version
	has its own peculiarities, even with version.bind disabled.

> 
> My DNS is 8.1.2. How can I mask the version number from being revealed
> to users without modifying and recompiling ns_req.c? ...Maybe I am a bit
> greedy, ...just a wish... I want it still to be able to tell me which version it is
> using a conventional method.

	options {
		version "replacement string";
	};

	Mark

> 
> I have gone through Cricket's impressive presentation on security and did most
> of the things. Is there any other attack I have to look out for on 8.1.2 as
> well?
> 
> 
> Thanks.
> 
> Rgds
> Matt
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
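
A defender's check for the `version` option discussed in the reply above, as an added example that is not part of the original post: it builds the CHAOS-class TXT query for version.bind and parses a reply offline, flagging answers that still look like a version number. The function names, the constructed sample replies and the digit-dot-digit heuristic are assumptions made for illustration.

```python
import re
import struct

CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class, TXT record type

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid=0x1234, name="version.bind"):
    # Header: id, flags (all clear), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    # Return the offset just past a name that may end in a compression pointer.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_version(msg):
    # Return the text of the first CH TXT answer, or None if there is none.
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            # TXT RDATA is a sequence of length-prefixed character-strings
            rdata, parts, i = msg[off:off + rdlen], [], 0
            while i < len(rdata):
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            return b"".join(parts).decode("ascii", "replace")
        off += rdlen
    return None

def reveals_version(text):
    # Assumed heuristic: a digit-dot-digit run suggests a real version string.
    return bool(text and re.search(r"\d+\.\d+", text))

def make_response(query, text):
    # Constructed reply for offline testing: QR|AA set, one answer whose
    # owner name is a compression pointer to the question at offset 12.
    qid = struct.unpack("!H", query[:2])[0]
    hdr = struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0)
    txt = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt)) + txt
    return hdr + query[12:] + rr
```

Against a live server you operate, the bytes from `build_query()` would go out over UDP port 53 and the reply would be passed to `parse_version()`.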



More information about the bind-users mailing list