version.bind
Barry Margolin
barmar at genuity.net
Tue Jun 6 17:24:52 UTC 2000
In article <3.0.3.32.20000606065135.01e725b0 at pop3.hank.org>,
Bill Moseley <moseley at hank.org> wrote:
>I keep getting refused queries (I only allow queries for my local zones)
>for "version.bind" from various different IP numbers.
My guess is they're network scanners looking for versions of BIND with
known vulnerabilities.
>named[121]: unapproved query from [211.53.209.124].4421 for "version.bind"
>named[28152]: unapproved query from [216.174.66.131].2855 for "version.bind"
>
>Did some versions of bid return the version for this type of query?
Since 4.9.5 BIND has returned its version number for Name=version.bind,
type=TXT, class=CHAOS.
>BTW -- that second IP later tried this:
>popper[2168]: refused connect from 216.174.66.131
Yep, sounds like a port scanner.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list