BIND Version check
Michael Bryan
bind at ursine.com
Tue Jun 20 20:23:57 UTC 2000

Daniel Norton wrote:
>
> Upgrading to the latest works fine until vulnerabilities for that
> version are known. Once the vulnerabilities are known, there is an open
> window until you fix them.

True. Which is why security-based lists must be monitored, and accessible
servers need to be hardened so as to minimize the damage that can be done if
somebody does break in through a new exploit.

> Don't allow the window by not allowing the version of your server to be known.

Which is exactly the fallacious (and dangerous) line of reasoning I was talking
about earlier. Obscuring the version does -not- prevent the window of
vulnerability from occurring. Anybody who assumes it does is asking to wake up
some morning with a rude surprise waiting for them.