Re: chroot bind?
On Mon, Apr 23, 2001 at 12:29:17PM +0200, Marco d'Itri wrote:
> On Apr 22, Yotam Rubin <email@example.com> wrote:
> >I disagree. A lot of the vulnerability scanners out there determine whether
> >a host is susceptible to a certain bug by looking at its version.bind record.
> I disagree. A lot of scanners just send the exploit and don't care.
Um, scanners follow the reputation of their name, they merely scan for
vulnerabilities. I agree that previously, attackers probed hosts for
vulnerabilities prior to launching an attack, and now this has changed a bit.
It does not however, imply that we should ease the life of those who still
follow conventional script kiddie methods. If version 'Not available' is
able to thwart at least a single scan, then it's worth it.
> >Debugging? When in debugging does one check one's version.bind?
> When he wants to see if his secondary servers are vulnerable, or if his
> ISP is a crap ISP.
> Or when debugging cache pollution problems one needs to check if the
> server is running BIND 4.x or older 8.x releases.
Doesn't one know one's bind version? I believe that probes for the version.bind
are mostly malicious in nature. If one wishes to determine the bind version
of his ISP, one can simply call up the respective technical support center.
Regards, Yotam Rubin
 I'm not entirely correct, there are scanners which both scan and attack,
but that's not the majority of scanners.