bindvrs Vulnerability
Audrey Beach
abeach at gmail.com
Tue Jan 12 17:41:49 UTC 2010
Nagaraj
One way to is to make a change in the named.conf. see below. This will
output what you supply instead of the version number.
change in named.conf
options {
version "Confidential";
};
Hope this is what you were looking for.
On Tue, Jan 12, 2010 at 9:51 AM, Kevin Darcy <kcd at chrysler.com> wrote:
> Hiding your version accomplishes little.
>
> a) attackers can using "fingerprinting" technology to determine your BIND
> version even if you obscure it
> b) attackers can just brute force all of the known attacks in the hopes
> that you're vulnerable to at least one of them
>
> The real solution is to upgrade to a version that's not vulnerable.
>
>
> - Kevin
> Balanagaraju Munukutla wrote:
>
>>
>> Hi
>>
>> How to Disable the BIND version query feature in BIND 9.2.1.
>>
>> This is a bindvrs Vulnerability.
>>
>> Thanks & Regards
>> Nagaraj
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100112/0360baee/attachment.html>
More information about the bind-users
mailing list