BIND Version check
Barry Finkel
b19141 at achilles.ctd.anl.gov
Fri Jun 23 13:45:35 UTC 2000
Daniel Norton wrote:
>On 20 Jun 2000 17:29:04 -0700, "Tony Grace" <tony at grace.net.au> wrote:
>>CERT
>>and in Australia AUSCERT have security papers with recommendations on hiding
>>BIND version numbers.
>
>Here's another bennie: I just now caught a hacker, thanks to
>"allow-query { localhost ;}" on "version.named". Of course, he was
>coming in from a freshly hacked system, so I don't know originally
>whence he came, but he stopped using that system to hack others, anyway.
>He was doing precisely what I expected a hacker might do, by looking at
>version.named.
I am not sure I understand this posting. Daniel, are you stating that
you caught the hacker because you changed/hid the BIND version, or are
you saying that you caught the hacker because the BIND version was
accessible? I can read your posting either way.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-9689
Building 221, Room B236 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4844 IBMMAIL: I1004994