[18920] in bugtraq
Re: fingerprinting BIND 9.1.0
daemon@ATHENA.MIT.EDU (Hendy *)
Thu Feb 1 12:42:44 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20010131081741.A14647@team-teso.net>
Date: Wed, 31 Jan 2001 08:17:41 +0100
Reply-To: hendy@TEAM-TESO.NET
From: Hendy * <hendy@TEAM-TESO.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A7863C2.1B5B387C@foolishgames.com>; from luke@FOOLISHGAMES.COM
on Wed, Jan 31, 2001 at 02:13:07PM -0500
On Wed, Jan 31, 2001 at 02:13:07PM -0500, Lucas Holt wrote:
> Hiding a version number does not someone who knows what they are doing, but it
> does stop script kiddies out there. If a 14 year old kid can not figure out what
> they are dealing with, they will move on to easier targets.
agreed, but it won't just stop kiddies, but more important, massowns,
which take place e.g. to build up distributed flood networks, won't attack
your host, if you changed the version string.
on the other hand, a changed version string could also ''attract'' hackers,
who want to break into that host.
i am pretty sure bind fingerprinting tools will shop up when people will
remove/change their named's version strings.
take care,
-hendy
--
. ,!. . _ ___ ___________________________________________________ __ _ .
,j't. hendy@team-teso.org [TESO] or hendy@xentix.homeip.net [HOME]
K=-=:: -=-> fax & vbox: +49-2561-959-55697 gsm/sms: hendy-sms@team-teso.net
"=i.: [-' PGP: ``finger hendy@team-teso.net'' [www.team-teso.net/hendy]
/;:":.\ PGP Fprint: 5AAE 5111 2C39 5E86 9D45 70C3 CA8F 0C20 EF27 264A
. ;}' '(, . _ ___ ____________________________________________________ . :wq!
