[34293] in North American Network Operators' Group
Re: Reasons why BIND isn't being upgraded
daemon@ATHENA.MIT.EDU (Patrick Greenwell)
Fri Feb 2 11:52:32 2001
Date: Fri, 2 Feb 2001 08:48:42 -0800 (PST)
From: Patrick Greenwell <patrick@cybernothing.org>
To: Paul Vixie <vixie@mfnx.net>
Cc: nanog@merit.edu
In-Reply-To: <g34rydzvkf.fsf@redpaul.mfnx.net>
Message-ID: <Pine.BSF.4.21.0102020847130.38021-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On 1 Feb 2001, Paul Vixie wrote:
>
> Simon@wretched.demon.co.uk (Simon Waters) writes:
>
> > The ISC.ORG web site recommends leaving the BIND version string
> > unchanged to assist in troubleshooting.
> >
> > I remain unconvinced that showing the version string helps much.
>
> it helped you with your survey, didn't it?
>
> hiding it doesn't help at all. people who want to know if you're vulnerable
> and to what have tools to find out.
>
> hiding it DOES however make it harder for people (including network owners)
> to do surveys.
By the same token one might argue that atempting to hide vunerabilities
to those paying you for "early warnings" doesn't help at all.
Just something to consider.
