Bind version number

Tilman Schmidt Tilman.Schmidt at sema.de
Wed Feb 16 10:44:47 UTC 2000


At 22:02 15.02.00 GMT, dgreco at atlantic.net wrote:
>We recently got hacked. They knew they could get us because they used
>dig to find version numbers of bind over a wide range of IP addresses.

I saw a lot of scans for port 53 and queries for "version.bind" here
recently, too. Thought it was something like that.

>Is there any way to get DNS to report its version number as <UNKNOWN> or
>some bogus number?

Mine doesn't answer queries for "version.bind" from strangers at all,
as a side effect of restricting queries from outside my own network
to zones I am serving myself, following CIAC Bulletin J-063 / AUSCERT
Alert AL-1999.004 on DoS attacks using DNS servers as traffic amplifiers.

But hiding your BIND version is security by obscurity, which as we all
know doesn't work. What you should do is run a current version of BIND
where the known security holes have been plugged, and keep up to date on
networking security developments. Then you can post your BIND version
on your homepage and still be safe.

-- 
Tilman Schmidt          E-Mail: Tilman.Schmidt at sema.de (office)
Sema Group Koeln, Germany       tilman at schmidt.bn.uunet.de (private)
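A named.conf fragment illustrating the kind of restriction described in the reply above: queries from outside the network are refused globally (which also covers version.bind), recursion is limited to internal clients, and only zones the server is authoritative for remain open to everyone. This is an added example, not the poster's configuration; the ACL name, address ranges and zone name are constructed.

```conf
// Constructed example: the address range is a placeholder for your own network.
acl "internal" { 127.0.0.1; 192.0.2.0/24; };

options {
    directory "/var/named";
    // Default for everything not overridden per zone: only our own
    // network may query this server at all, so strangers get no answer
    // to version.bind (or anything else) and cannot use us as a resolver.
    allow-query     { "internal"; };
    allow-recursion { "internal"; };
    // Optional extra: replace the advertised version string. Not a
    // substitute for running a patched BIND, as the reply points out.
    version "not disclosed";
};

// Zones we serve authoritatively stay reachable from anywhere, because
// the per-zone allow-query overrides the global default.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query { any; };
};
```

The per-zone `allow-query { any; };` is what keeps the server useful to the rest of the Internet while the global restrictions stop outsiders from probing it or recursing through it.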
