BIND version
Bill Manning
bmanning at ISI.EDU
Thu Jun 14 13:11:19 UTC 2001
It is possible to fingerprinat a server if it answers queries.
to protect your namserver agaist this, refuse to answer any queries.
then your nameserver will be of limited usefulness. remember, the DNS
is a PUBLIC, HOSTILE database. and 0a2 has its own suite of problems.
for stability, you might want ot consider the v8 train.
%
%
% how is it possible to fingerprint a nameserver? can i protect my ns against
% that?
%
% and which security lists are you talking about? where are those lists? i'm
% trying to keep my up to date i'm using 9.2.0a2 .. pretty much "the"
% latests;) (just came out)
%
% ----- Original Message -----
% From: <Mark.Andrews at nominum.com>
% To: "alexus" <ml at db.nexgen.com>
% Cc: <bind9-users at isc.org>; <bind-users at isc.org>
% Sent: Tuesday, June 12, 2001 7:53 PM
% Subject: Re: BIND version
%
%
% >
% > >
% > > Hello
% > >
% > > I'd like to know how is it possible to see a remote version of bind and
% how
% > > can i protect my bind from that? I don't want to other people to
% exploring
% > > which version of bind do I have..
% > >
% > > Thank you in advance.
% > >
% > >
% >
% > Plenty of people will tell you how to do this but it is
% > pointless as it does not raise security. It's quite possible
% > to fingerprint a nameserver and kiddy scripts will try the
% > attacks anyway.
% >
% > The best way to raise security is to follow the security
% > lists and keep up to date.
% >
% > Mark
% > --
% > Mark Andrews, Nominum Inc.
% > 1 Seymour St., Dundas Valley, NSW 2117, Australia
% > PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
% >
%
%
--
--bill
More information about the bind-users
mailing list