North American Network Operators Group


Re: Reasons why BIND isn't being upgraded

  • From: Adam McKenna
  • Date: Thu Feb 01 21:24:23 2001

On Thu, Feb 01, 2001 at 06:07:44PM -0800, Paul Vixie wrote:
> [email protected] (Simon Waters) writes:
> > I remain unconvinced that showing the version string helps much.
> 
> it helped you with your survey, didn't it?
> 
> hiding it doesn't help at all.  people who want to know if you're vulnerable
> and to what have tools to find out.
> 
> hiding it DOES however make it harder for people (including network owners)
> to do surveys.

I always thought that it was regarded as generally good security practice to
give out as little information about your systems as possible, and none at
all if you can help it.  The BIND version should at least only be accessible
from a set of defined IP addresses, defaulting to 127/8.

--Adam

-- 
Adam McKenna <[email protected]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
  9:10pm  up 236 days, 19:28,  8 users,  load average: 0.00, 0.00, 0.00
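
The restriction proposed in the message above (answer version queries only for a defined set of addresses, defaulting to 127/8) can be sketched as a BIND 9 `named.conf` fragment. This is an added example, not part of the original post and not ISC's shipped configuration; it assumes BIND 9 view support, and the view name, ACL name, file name and version string are placeholders.

```conf
// Added example: restrict version.bind (class CHAOS, type TXT) to an ACL.
// Assumes BIND 9 views; all names below are placeholders.

acl "version-readers" {
    127.0.0.0/8;            // the default suggested in the message
    // add survey or monitoring hosts here
};

// CHAOS-class view: every client lands here for class CH queries,
// but only the ACL may query the "bind" zone.
view "chaos-info" chaos {
    match-clients { any; };
    recursion no;

    zone "bind" chaos {
        type master;
        file "db.bind";     // placeholder file name, contents sketched below
        allow-query { "version-readers"; };
    };
};

// Sketch of db.bind (a separate zone file, shown here as comments):
//
//   $TTL 1D
//   @        CHAOS  SOA  localhost. root.localhost. ( 1 3H 1H 1W 1D )
//   @        CHAOS  NS   localhost.
//   version  CHAOS  TXT  "PLACEHOLDER-VERSION-STRING"
```

Once any `view` statement is present, BIND 9 requires every zone in `named.conf` to be declared inside a view, so existing IN-class zones have to move into a view of their own. Clients outside the ACL receive a REFUSED response for `version.bind`, while listed hosts can still read the string for surveys.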