Re: bindvrs Vulnerability

2010-01-12 Thread Niobos
On 12 Jan 2010, at 17:15, Lightner, Jeff wrote: For BIND blocking the version keeps the auditors from asking the question since they don't know base version let alone extended version. Which tells more about the auditors than about the feature to do so __

Re: bindvrs Vulnerability

2010-01-12 Thread Audrey Beach
Nagaraj One way to is to make a change in the named.conf. see below. This will output what you supply instead of the version number. change in named.conf options { version "Confidential"; }; Hope this is what you were looking for. On Tue, Jan 12, 2010 at 9:51 AM, Kevin Darcy wrote

RE: bindvrs Vulnerability

2010-01-12 Thread Lightner, Jeff
ow base version let alone extended version. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Alan Clegg Sent: Tuesday, January 12, 2010 11:09 AM To: bind-users@lists.isc.org Subject: Re: bindvr

Re: bindvrs Vulnerability

2010-01-12 Thread Alan Clegg
Lightner, Jeff wrote: > Sometimes you have to do things like hiding your version just because it > came up on the security audit. It's a lot easier to make them shut up > by doing what they want than by explaining to them that what they want > is meaningless. That said, if your "security audit" a

RE: bindvrs Vulnerability

2010-01-12 Thread Lightner, Jeff
htner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Kevin Darcy Sent: Tuesday, January 12, 2010 10:52 AM To: bind-users@lists.isc.org Subject: Re: bindvrs Vulnerability Hiding your version accomplishes little. a) attackers can using "fing

Re: bindvrs Vulnerability

2010-01-12 Thread Kevin Darcy
Hiding your version accomplishes little. a) attackers can using "fingerprinting" technology to determine your BIND version even if you obscure it b) attackers can just brute force all of the known attacks in the hopes that you're vulnerable to at least one of them The real solution is to upgr

Re: bindvrs Vulnerability

2010-01-12 Thread Chris Buxton
On Jan 11, 2010, at 11:26 PM, Balanagaraju Munukutla wrote: > Hi > > How to Disable the BIND version query feature in BIND 9.2.1. > > This is a bindvrs Vulnerability. This is not a vulnerability, it's a feature. The vulnerability relates to running BIND 9.2.1 - there are several very serious

Re: bindvrs Vulnerability

2010-01-11 Thread Yohann LEPAGE
Balanagaraju Munukutla a écrit : Hi Hi, How to Disable the BIND version query feature in BIND 9.2.1. in named.conf : options { version"what you want"; }; Or just : http://www.google.com/search?q=disable+version+bind -- Yohann LEPAGE Post-scriptum La Poste Ce message