[18921] in bugtraq
Re: fingerprinting BIND 9.1.0
daemon@ATHENA.MIT.EDU (Russell Fulton)
Thu Feb 1 13:09:27 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Message-Id: <SIMEON.10102011309.O6845@bluebottle.itss>
Date: Thu, 1 Feb 2001 13:12:09 +1300
Reply-To: r.fulton@AUCKLAND.AC.NZ
From: Russell Fulton <r.fulton@AUCKLAND.AC.NZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010131081500.A28195@nmt.edu>
On Wed, 31 Jan 2001 08:15:01 -0700 "William D. Colburn (aka Schlake)"
<wcolburn@NMT.EDU> wrote:
> The FAQ file that comes with the distribution already covers all this.
> While it used to seem like a good idea to obfuscate version numbers,
> things like nmap can be written for just about any internet service
> which would make version obfuscation just a false sense of security.
> Even if your version is obscured, a known exploit will still work
> against it if someone tries. I agree with the BIND people that there
> isn't much point in hiding that information.
>
Me too.
Obfuscated version numbers also make internal auditing much more
difficult.
I see many automated attacks (particularly against ftp) which make no
effort to work out which software is running and what hardware it is
running on.
Kiddies don't look and professionals won't be fooled, you will only
fool a few in the middle.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
