Blocking version information

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Jun 20 15:04:02 UTC 2005


If I had a script that exploited a vulnerability in some version of
BIND, what would I do?

1) Check the version of BIND running on a server to see if that version
   were exploitable by the script.

   a) If the version was exploitable, then the script would work.
  
   b) If the version string was falsified and the script would not
      exploit BIND, then find another BIND server to exploit.

2) Run the script, and if it does not exploit, then find another BIND
   server to exploit.

I would assume that most of the script users would follow path 2),
as it finds more exploits more quickly than path 1).  If this is
the case, then why hide the version number if the script users do not
use that version number?
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list