nanog mailing list archives

Re: Reasons why BIND isn't being upgraded

From: Paul Vixie <vixie () mfnx net>
Date: 01 Feb 2001 18:07:44 -0800


Simon () wretched demon co uk (Simon Waters) writes:

The ISC.ORG web site recommends leaving the BIND version string
unchanged to assist in troubleshooting. 

I remain unconvinced that showing the version string helps much.


it helped you with your survey, didn't it?

hiding it doesn't help at all.  people who want to know if you're vulnerable
and to what have tools to find out.

hiding it DOES however make it harder for people (including network owners)
to do surveys.

until, that is, somebody breaks into a server using some published hole and
then modifies the version string so the admin's periodic audit won't show it
as needing to be upgraded.  so -- don't believe it if it says you're safe,
use indications of unsafety as reasons to prioritize those servers for a
closer audit.

Current thread:

Re: [NANOG] Re: Reasons why BIND isn't being upgraded, (continued)
- - - Re: [NANOG] Re: Reasons why BIND isn't being upgraded Derek J. Balling (Feb 24)
    - Re: [NANOG] Re: Reasons why BIND isn't being upgraded mdevney (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
    - Re: [NANOG] Re: Reasons why BIND isn't being upgraded Pete Ehlke (Feb 24)
  - Re: [NANOG] Re: Reasons why BIND isn't being upgraded Paul Vixie (Feb 24)
    - Re: [NANOG] Re: Reasons why BIND isn't being upgraded Jim Mercer (Feb 24)
  - Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
    - Re: [NANOG] Re: Reasons why BIND isn't being upgraded Pim van Riezen (Feb 24)
    - Re: [NANOG] Re: Reasons why BIND isn't being upgraded J Bacher (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
- Re: Reasons why BIND isn't being upgraded Paul Vixie (Feb 24)
  - Re: Reasons why BIND isn't being upgraded Adam McKenna (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
  - Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Bill Woodcock (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Joe Rhett (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Kevin Oberman (Feb 24)
    - Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) mdevney (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Mikael Abrahamsson (Feb 24)

(Thread continues...)