
Re: chroot bind?



On Sun, Apr 22, 2001 at 06:23:43PM +0200, Marco d'Itri wrote:
> On Apr 21, Yotam Rubin <yotam@makif.omer.k12.il> wrote:
> 
>  >We could harden the default configuration with the following directives:
>  >
>  >	version 'Not available';
> This does not harden anything and just makes debugging harder.
> Don't dare putting something like this in the default configuration of a
> debian package.

I disagree. A lot of the vulnerability scanners out there determine whether
a host is susceptible to a certain bug by looking at its version.bind record.
If a bug were to be discovered in 8.2.3, conventional script kiddie methods
will not properly function. Obviously, it does not provide full 'protection',
but it will render a lot of scanners out there useless.
Debugging? When in debugging does one check one's version.bind? 
	
	Regards, Yotam Rubin

> 
> -- 
> ciao,
> Marco

Attachment: pgpDq96k_w7Gh.pgp
Description: PGP signature
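
The `version.bind` record discussed in this message is a TXT record in the CHAOS class. The following is an added example, not part of the original message: it builds that query and checks whether a reply discloses a version number, so an administrator can audit the effect of the `version` directive on their own server. All function names are hypothetical and the replies are constructed for offline use.

```python
import re
import struct

def build_version_query(txid=0x1234):
    """Query for TXT version.bind in class CHAOS (CH = 3)."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"\x07version\x04bind\x00"
    return header + qname + struct.pack(">HH", 16, 3)  # QTYPE=TXT, QCLASS=CH

def skip_name(msg, pos):
    """Advance past a (possibly compressed) domain name."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes long
            return pos + 2
        pos += 1 + n

def parse_banner(msg):
    """Return the first TXT string of the answer, or None if refused/empty."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F or an == 0:  # non-zero RCODE or no answer records
        return None
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    pos = skip_name(msg, pos)
    rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
    if rtype != 16 or rdlen == 0:
        return None
    n = msg[pos + 10]  # TXT rdata starts with a length byte
    return msg[pos + 11:pos + 11 + n].decode("ascii", "replace")

def discloses_version(banner):
    """True if the banner contains something shaped like a version number."""
    return bool(banner and re.search(r"\d+\.\d+", banner))

def sample_response(query, banner):
    """Constructed reply for offline testing (not captured traffic)."""
    txt = banner.encode("ascii")
    header = query[:2] + struct.pack(">HHHHH", 0x8400, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, len(txt) + 1)
    return header + query[12:] + rr + bytes([len(txt)]) + txt

if __name__ == "__main__":
    q = build_version_query()
    for b in ("8.2.3", "Not available"):
        print(repr(b), discloses_version(parse_banner(sample_response(q, b))))
```

To audit a live server, send the bytes from `build_version_query()` over UDP to port 53 of a name server you administer and pass the reply to `parse_banner()`.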

