Security Incidents mailing list archives
Re: Microsoft version.binding us now?
From: billm () DANGER MS (Bill Marquette)
Date: Thu, 1 Jun 2000 19:12:04 -0500
FromF5 tech support:
The current methods of probing that we do are an ICMP ping a UDP or TCP 1/2 open socket connect which we gracefully shut down after. And in the soon to be released 2.1 we have added two new protocols to the list, DNS_VER and DNS_DOT. The DNS_VER is what he is seeing this is a less obtrusive method of probing an LDNS. It is easy to set the version type of BIND to a bogus parameter such as "chaos" or "go away". We don't care what the response is we are not looking for the version just the response. You can also ask our customer to be removed their probing list. The argument is of course ridiculous. DNS_VER is NOT less obtrusive than any of the other options they mentioned. As a side note, can people PLEASE stop sending their "out of office" messages to people posting to this list? --Bill --billm () danger ms
Current thread:
- Re: Microsoft version.binding us now? Fernando Cardoso (May 30)
- <Possible follow-ups>
- Re: Microsoft version.binding us now? Klaus Steding-Jessen (May 30)
- Re: Microsoft version.binding us now? Bill Marquette (Jun 01)
- Re: Microsoft version.binding us now? Thijs Eilander (May 30)
- Re: Microsoft version.binding us now? Bill Marquette (Jun 01)
- Re: Microsoft version.binding us now? Richard Bejtlich (Jun 02)
- Scan of the Week continued Lance Spitzner (Jun 03)
- very strange scan patterns Joe H (Jun 05)
- Re: very strange scan patterns John Kristoff (Jun 05)
- Sub-7 Khan, Mansoor (Jun 05)
- Re: Sub-7 James Stevenson (Jun 08)
- Re: Sub-7 Matthew F. Caldwell (Jun 08)
- Re: Sub-7 nine (Jun 08)
- Strange scans - inquisitive question Paul Rogers (Jun 09)
- Re: Strange scans - inquisitive question Valdis Kletnieks (Jun 11)