North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Vixie doing his part to make people upgrade (was:Re: Reasons whyBIND isn't being upgraded)
If they do a free security scan they are paying for it and your box is safe if they are not advising you on the result, I would personally say Whew, thank god someone has my back covered..... [email protected] wrote: > On Fri, 2 Feb 2001, Patrick Greenwell wrote: > > > > > P.S. AboveNet is taking the latest BIND vunerability(ies) seriously enough > > that they are beginning wholescale scans of their address space. Draw your > > own conclusions related to masking version numbers. > > > The bulk of that announcement from Above.net is from 2 lines: > > We will be checking every IP in our space on port 53 in order to find > > versions of BIND open to a root exploit. > > I'm not sure my agreement with Above.net allows them to scan my network, > though it is admittedly their IP space. I'll go check the paperwork on > Monday. (Honestly I expect to find it does, though I must have been > smoking something when I signed it. Above.net is usually on stable legal > ground.) > > That aside, I am concerned that the announcement makes no mention of who > they would disclose this information to. Presumably the registered > contacts for the offending customer, but above.net has not said they'll > tell anyone. > > Needless to say, I am not happy with this. I can't imagine anyone would > be happy with their provider scanning their network. > > (Also leaving aside the fact that this scan will be pretty much > useless, given cases where named is run as a different user, chroot'd, > instructed to lie about its version number, etc.) > > Matthew Devney -- Thank you; |--------------------------------| | Thinking is a learned process. | | ICANN member @large | | Gigabit over IP, ieee 802.17 | | working group | | Resilient Packet Transport | |--------------------------------| Henry R. Linneweh
|