|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: sorry to ruin several of your evenings...
attack away... it's a bit harder to figure out what it is... and bind's not exploitable (at least not yet...) so as long as all other things are 'ok' I'm just denying intel to the 'enemy'... besides, tcp queries are verboten anyway :) --Chris On Tue, 30 Jan 2001 [email protected] wrote: > lets see... (from previous discussions on the usefullness of tweeking > the version) > > wearing my blackhat, i have to decide which system is worthty > of my talents... which one should I pick? > > version "bad-ass-bind"; > -or- > version "9.1.0" > > of course I could be running 4.8.1 and simply recompile so it _reports_ > a bogus version but the profile of a 9.1.0 code base is -very- distinct > from a 4.8.1 code base... esp on replies to queries. > > Pick your targets carefully. > > > > > Why not jus return some 'bogus' version ??? like this option allows: > > > > version "bad-ass-bind"; > > > > :) > > > > --Chris > > > > ####################################################### > > ## UUNET Technologies, Inc. ## > > ## Manager ## > > ## Customer Router Security Engineering Team ## > > ## (W)703-289-8479 (C)703-283-3734 ## > > ####################################################### > > > > On Tue, 30 Jan 2001, Stephen Stuart wrote: > > > > > > > > > While it's not exactly a problem, it does give away that you're running > > > > bind9 (I do like the new 'version' option where you can set the > > > > version.bind reply) even if you change the version to appear to be a bind8 > > > > server. > > > > > > "allow-query" lets you control who can see that information: > > > > > > zone "bind" chaos { > > > allow-query { > > > 127.0.0.1 ; > > > xxx.xxx.xxx.xxx/len ; > > > } ; > > > type master; > > > file "filename"; > > > }; > > > > > > Stephen > > > > > > > >
|