How can you secure this information RE: Easy way to determine BIN D version remotely?

Sheer El-Showk sheer at tartarus.netherrealm.net
Tue May 9 03:19:36 UTC 2000 

Look near the bottom of this page:

http://www.securiteam.com/unixfocus/BIND_version_8_2_2_and_prior_is_vulnerable_to_root_compromise.html

I'm not sure if this will make it entirely impossible to determine the
version number or if there is some more obscure way to (see earlier
response regarding using remote queries to determine version number).

Sheer


 On Mon, 8 May 2000, Christian Stratton wrote:

> 
> How can you stop the version from being able to be listed. Is there a statement I have to put in the named.conf?
> Thanks
> Christian D. Stratton
> 
> 
> 
> 
> -----Original Message-----
> From: Len Conrad [mailto:lconrad at Go2France.com]
> Sent: Monday, May 01, 2000 6:59 AM
> To: bind-users at isc.org
> Subject: RE: Easy way to determine BIND version remotely?
> 
> 
> dig @ns.domain.com txt chaos version.bind.
> 
> 
> 
> 
> >YOu can do
> >
> >nslookup > set class=chaos
> >nslookup > set type=txt
> >nslookup > version.bind
> >
> >This will give you the bind vesion.
> >
> >Hope it helps
> >+DJ
> >
> >-----Original Message-----
> >From: See_email_ at ddress_below.This_one_is.invalid
> >[mailto:See_email_ at ddress_below.This_one_is.invalid]
> >Sent: Sunday, April 30, 2000 3:56 AM
> >To: comp-protocols-dns-bind at moderators.isc.org
> >Subject: Easy way to determine BIND version remotely?
> >
> >
> >
> >Is there a straightforward way to see either or both of
> >the BIND version, or other DNS software version that a
> >particular DNS server is running, if I don't have root
> >access to the machine?
> >
> >Someone mentioned using nslookup for such a query but I
> >can't see anything that gives that kind of information.
> >
> >TIA,
> >
> >
> >Phil
> >
> >
> >--
> >Philip J. Koenig         The Electric Kahuna Organization
> >[anti-spammed]
> >----------------Computers & Communications for the New
> >Millennium-------------
> >* To send email, remove numbers and spaces:  pjkunet64 @  ekahuna27 . com
> >*
> >*
> >*
> >* Expose ORBS for what it is: abuse of the net.
> >*
> >* Simple answers are for simple minds.  Try a new way of looking at things.
> >*
> >
> >
> 
> 
> 
>

More information about the bind-users mailing list