Re: Microsoft version.binding us now?

[rune () TRANS4MEDIA COM (Rune Kristian Viken)]

On Wed, 28 Jun 2000, you wrote:

> Probably.  One thing you should note is that the "version.bind" probing has
> been removed in the latest builds of 3DNS.  I think you're due for relief
> from those false positive pages and emails...

Good.:)

> I'd think that you might be better served by making sure that "version.bind"
> and other such information gathering does not return any information you
> don't want propagated and by setting your alarm thresholds higher.

*MEEEEEEEEEP*.
Wrong answer.  Anyone else care to try?

First of all, sure you could set your alarmtreshold higher.  The point is that
a lot of scriptkiddies are "version.bind"'ing to find servers which hasn't
upgraded their BIND yet.  And, they mostly do it from cracked machines.  In
order to get rid of the menace, you have to look out for signs of other
computers beeing cracked, and if you find'em -- contact the admin!

If you just ignore the breakin-signs, then scriptkiddes don't get thrown out of
their newly cracked computers, and .. well... I don't think any of us want that.

Therefore, its a problem when your products triggers the same alarms, as those
kiddies.

--
"Rune Kristian Viken" <rune () trans4media com> <http://arcade.kvinesdal.com>
System, Network & Security Administrator.  Phone: (+47) 92 85 34 38