In message <20010131081741.A14647team-teso.net>, Hendy * writes:
> On Wed, Jan 31, 2001 at 02:13:07PM -0500, Lucas Holt wrote:
> > Hiding a version number does not someone who knows what they are doing, but
> it
> > does stop script kiddies out there. If a 14 year old kid can not figure ou
> t what
> > they are dealing with, they will move on to easier targets.
>
> agreed, but it won't just stop kiddies, but more important, massowns,
> which take place e.g. to build up distributed flood networks, won't attack
> your host, if you changed the version string.
>
> on the other hand, a changed version string could also ''attract'' hackers,
> who want to break into that host.
>
> i am pretty sure bind fingerprinting tools will shop up when people will
> remove/change their named's version strings.

Changing the version string on a 8.2.3 or 9.1.0 server to report 4.9.5
would be a better solution. Script kiddies and more experienced
crackers will attempt BIND4 exploits on your BIND8 or 9 server and
confuse them for a while. Hopefully by then you would have noticed the
activity. Automated notification to one's pager will help.

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Internet: Cy.Schubertosg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]