|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Reasons why BIND isn't being upgraded
[email protected] (Simon Waters) writes: > The ISC.ORG web site recommends leaving the BIND version string > unchanged to assist in troubleshooting. > > I remain unconvinced that showing the version string helps much. it helped you with your survey, didn't it? hiding it doesn't help at all. people who want to know if you're vulnerable and to what have tools to find out. hiding it DOES however make it harder for people (including network owners) to do surveys. until, that is, somebody breaks into a server using some published hole and then modifies the version string so the admin's periodic audit won't show it as needing to be upgraded. so -- don't believe it if it says you're safe, use indications of unsafety as reasons to prioritize those servers for a closer audit.
|