Blocking version information

Barry Finkel b19141 at
Mon Jun 20 15:04:02 UTC 2005

If I had a script that exploited a vulnerability in some version of
BIND, what would I do?

1) Check the version of BIND running on a server to see if that version
   were exploitable by the script.

   a) If the version was explotable, then the script would work.
   b) If the version string was falsified and the script would not
      exploit BIND, then find another BIND server to exploit.

2) Run the script, and if it does not exploit, then find another BIND
   server to exploit.

I would assume that most of the script users would follow path 2),
as it is finds more exploits more quickly than path 1).  If this is
the case, then why hide the version number if the script users do not
use that version number?
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list