BIND Version check

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Jun 23 13:45:35 UTC 2000


Daniel Norton wrote:

>On 20 Jun 2000 17:29:04 -0700, "Tony Grace" <tony at grace.net.au> wrote:
>>CERT and in Australia AUSCERT have security papers with recommendations on
>>hiding BIND version numbers.
>
>Here's another bennie: I just now caught a hacker, thanks to
>"allow-query { localhost ;}" on "version.named".  Of course, he was
>coming in from a freshly hacked system, so I don't know originally
>whence he came, but he stopped using that system to hack others, anyway.
>He was doing precisely what I expected a hacker might do, by looking at
>version.named.

I am not sure I understand this posting.  Daniel, are you stating that
you caught the hacker because you changed/hid the BIND version, or are
you saying that you caught the hacker because the BIND version was
accessible?  I can read your posting either way.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994



