[18914] in bugtraq
Re: fingerprinting BIND 9.1.0
daemon@ATHENA.MIT.EDU (Lucas Holt)
Wed Jan 31 18:54:08 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854";
x-mac-creator="4D4F5353"
Content-Transfer-Encoding: 7bit
Message-Id: <3A7863C2.1B5B387C@foolishgames.com>
Date: Wed, 31 Jan 2001 14:13:07 -0500
Reply-To: Lucas Holt <luke@FOOLISHGAMES.COM>
From: Lucas Holt <luke@FOOLISHGAMES.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Hiding a version number does not someone who knows what they are doing, but it
does stop script kiddies out there. If a 14 year old kid can not figure out what
they are dealing with, they will move on to easier targets.
"William D. Colburn (aka Schlake)" wrote:
> The FAQ file that comes with the distribution already covers all this.
> While it used to seem like a good idea to obfuscate version numbers,
> things like nmap can be written for just about any internet service
> which would make version obfuscation just a false sense of security.
> Even if your version is obscured, a known exploit will still work
> against it if someone tries. I agree with the BIND people that there
> isn't much point in hiding that information.
>
>
--
Lucas Holt
Luke@FoolishGames.com
___________________________________________________
http://www.foolishgames.com
"The Macintosh software might have become the successor to MS-DOS.
OS/2 or UNIX might have. As it happened, MS-DOS was succeeded by Windows..."
--Bill Gates, The Road Ahead
If Windows never happened, what would be on your desktop?
