Reasons why BIND isn't being upgraded

• Previous message (by thread): [NANOG] Re: Reasons why BIND isn't being upgraded
• Next message (by thread): Reasons why BIND isn't being upgraded
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Simon at wretched.demon.co.uk (Simon Waters) writes:

> The ISC.ORG web site recommends leaving the BIND version string
> unchanged to assist in troubleshooting. 
> 
> I remain unconvinced that showing the version string helps much.

it helped you with your survey, didn't it?

hiding it doesn't help at all.  people who want to know if you're vulnerable
and to what have tools to find out.

hiding it DOES however make it harder for people (including network owners)
to do surveys.

until, that is, somebody breaks into a server using some published hole and
then modifies the version string so the admin's periodic audit won't show it
as needing to be upgraded.  so -- don't believe it if it says you're safe,
use indications of unsafety as reasons to prioritize those servers for a
closer audit.

• Previous message (by thread): [NANOG] Re: Reasons why BIND isn't being upgraded
• Next message (by thread): Reasons why BIND isn't being upgraded
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]