[18958] in bugtraq
Re: fingerprinting BIND 9.1.0
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Fri Feb 2 13:23:30 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <200102021624.f12GOaE96582@cwsys.cwsent.com>
Date: Fri, 2 Feb 2001 08:24:03 -0800
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-To: hendy@TEAM-TESO.NET
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 31 Jan 2001 08:17:41 +0100."
<20010131081741.A14647@team-teso.net>
In message <20010131081741.A14647@team-teso.net>, Hendy * writes:
> On Wed, Jan 31, 2001 at 02:13:07PM -0500, Lucas Holt wrote:
> > Hiding a version number does not someone who knows what they are doing, but
> it
> > does stop script kiddies out there. If a 14 year old kid can not figure ou
> t what
> > they are dealing with, they will move on to easier targets.
>
> agreed, but it won't just stop kiddies, but more important, massowns,
> which take place e.g. to build up distributed flood networks, won't attack
> your host, if you changed the version string.
>
> on the other hand, a changed version string could also ''attract'' hackers,
> who want to break into that host.
>
> i am pretty sure bind fingerprinting tools will shop up when people will
> remove/change their named's version strings.
Changing the version string on a 8.2.3 or 9.1.0 server to report 4.9.5
would be a better solution. Script kiddies and more experienced
crackers will attempt BIND4 exploits on your BIND8 or 9 server and
confuse them for a while. Hopefully by then you would have noticed the
activity. Automated notification to one's pager will help.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
