CHAOS version.bind
Jim Reid
jim at rfc1035.com
Mon Jan 29 16:16:25 UTC 2001
>>>>> "Joseph" == Joseph S D Yao <jsdy at cospo.osis.gov> writes:
>> IN domains, I found the following line in the logging of bind
>> (named):
>>
>> XX+/212.68.193.196/version.bind/TXT/CHAOS
>>
>> Has someone any idea why this query was sent to my DNS server?
>> Should I be worried about it?
Joseph> Probing for your version may be innocent, or it may be
Joseph> seeing how you are vulnerable. Protect yourself by
Joseph> upgrading to BIND 8.2.3 [newly off beta] or 9.1.0.
If someone knows of a vulnerability in BIND, the chances are they'll
just try it without trying to first find out which version their
victim is running. [Not that that tells them anything anyway. People
have been known to replace the version number with other strings.]
Script kiddies in particular do this because they usually don't have a
clue what the vulnerability is or what they're attacking. They just
blindly follow a cookbook and run a program that one of their peers
claims can penetrate something-or-other.
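
An added example, not part of the original post or of BIND: a small Python filter that picks version.bind TXT queries in class CHAOS out of query-log lines shaped like the one quoted above and counts them per client. The field layout (prefix/client/name/type/class) is assumed from that single quoted line, and the sample log, its timestamps and the 192.0.2.x addresses are constructed.

```python
import re
from collections import Counter

# Entry shape taken from the line quoted in the post:
#   XX+/212.68.193.196/version.bind/TXT/CHAOS
# Assumed layout: prefix / client address / query name / type / class.
ENTRY = re.compile(
    r"(?P<prefix>XX\+?)/(?P<client>[^/\s]+)/(?P<qname>[^/\s]+)"
    r"/(?P<qtype>[A-Za-z0-9]+)/(?P<qclass>[A-Za-z0-9]+)\s*$"
)

def parse_entry(line):
    """Return the fields of one query-log line, or None if it does not match."""
    m = ENTRY.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # DNS names are case-insensitive and may carry a trailing root dot.
    rec["qname"] = rec["qname"].rstrip(".").lower()
    rec["qtype"] = rec["qtype"].upper()
    rec["qclass"] = rec["qclass"].upper()
    return rec

def version_probes(lines):
    """Count version.bind TXT queries in class CHAOS per client address."""
    hits = Counter()
    for line in lines:
        rec = parse_entry(line)
        if rec and (rec["qname"], rec["qtype"], rec["qclass"]) == (
            "version.bind", "TXT", "CHAOS"
        ):
            hits[rec["client"]] += 1
    return hits

# Constructed sample log; only the first entry's content comes from the post.
SAMPLE_LOG = """\
29-Jan-2001 15:02:11.120 XX+/212.68.193.196/version.bind/TXT/CHAOS
29-Jan-2001 15:02:12.480 XX+/192.0.2.10/www.example.com/A/IN
29-Jan-2001 15:03:40.007 XX/192.0.2.77/VERSION.BIND./TXT/CHAOS
29-Jan-2001 15:04:02.311 XX+/212.68.193.196/version.bind/TXT/CHAOS
29-Jan-2001 15:04:05.900 XX+/192.0.2.10/version.bind/TXT/IN
29-Jan-2001 15:04:06.000 named[123]: Ready to answer queries.
""".splitlines()

if __name__ == "__main__":
    for client, count in version_probes(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} version.bind CHAOS TXT queries")
```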