Re: Microsoft version.binding us now?

[Erich.Meier () INFORMATIK UNI-ERLANGEN DE (Erich Meier)]

On Tue, May 30, 2000 at 09:40:51AM +0100, Fernando Cardoso wrote:
> Bind version queries and/or DNS zone transfers (6 tries this night from
> a server in Austria) are quite popular in these "bind NXT bug" days.
> Often they are exploratory manoeuvres from script kiddies trying to
> crack your DNS server.
>
> Make sure your nameservers are running bind 8.2.2-P5. Also, defining
> acls for zone transfers might be a good idea.

Yes, thats clear. But a bind version scan is a one time shot, not a continuous
thing. And these MS hosts are trying to retrieve the versions periodically.

Or are the source addresses spoofed? Again, makes no big sense when done
periodically.

Erich