Vixie doing his part to make people upgrade (was:Re: Reasons whyBIND isn't being upgraded)
Henry R. Linneweh
linneweh at concentric.net
Sat Feb 3 16:33:24 UTC 2001
If they do a free security scan they are paying for it and your box is safe if
they are not advising you on the result, I would personally say Whew, thank
god someone has my back covered.....
mdevney at teamsphere.com wrote:
> On Fri, 2 Feb 2001, Patrick Greenwell wrote:
>
> >
> > P.S. AboveNet is taking the latest BIND vunerability(ies) seriously enough
> > that they are beginning wholescale scans of their address space. Draw your
> > own conclusions related to masking version numbers.
> >
> The bulk of that announcement from Above.net is from 2 lines:
> > We will be checking every IP in our space on port 53 in order to find
> > versions of BIND open to a root exploit.
>
> I'm not sure my agreement with Above.net allows them to scan my network,
> though it is admittedly their IP space. I'll go check the paperwork on
> Monday. (Honestly I expect to find it does, though I must have been
> smoking something when I signed it. Above.net is usually on stable legal
> ground.)
>
> That aside, I am concerned that the announcement makes no mention of who
> they would disclose this information to. Presumably the registered
> contacts for the offending customer, but above.net has not said they'll
> tell anyone.
>
> Needless to say, I am not happy with this. I can't imagine anyone would
> be happy with their provider scanning their network.
>
> (Also leaving aside the fact that this scan will be pretty much
> useless, given cases where named is run as a different user, chroot'd,
> instructed to lie about its version number, etc.)
>
> Matthew Devney
--
Thank you;
|--------------------------------|
| Thinking is a learned process. |
| ICANN member @large |
| Gigabit over IP, ieee 802.17 |
| working group |
| Resilient Packet Transport |
|--------------------------------|
Henry R. Linneweh
More information about the NANOG
mailing list