BIND Version check
Jim Reid
jim at rfc1035.com
Tue Jun 20 20:31:19 UTC 2000
>>>>> "Daniel" == Daniel Norton <danorton at suespammers.org> writes:
Daniel> Upgrading to the latest works fine until vulnerabilities
Daniel> for that version are known. Once the vulnerabilities are
Daniel> known, there is a open window until you fix them. Don't
Daniel> allow the window by not allowing the version of your
Daniel> server to be known.
Eh? If there is a vulnerability against the latest version of
something, how can hiding that thing's version number protect against
that vulnerability? If a security weakness exists, the window of
exposure to that weakness exists until the hole is fixed irrespective
of whether a version identification string exists or not. Hiding the
version number doesn't close or even hide that window.
More information about the bind-users
mailing list