From: gabriel rosenkoetter (grECLIPSED.NET)
Date: Wed Mar 28 2001 - 17:15:56 CST

    On Tue, Mar 27, 2001 at 10:23:35AM -0800, Phil Stracchino wrote:
    > True, but why not exploit their weaknesses while they're available?

    There's always the cockroach/virus principle.

    Teach them about chattr (especially with a script that does the work
    for you... hrm, doesn't that sound familiar?), and it'll be
    accounted for next time around.

    I don't see why any of this is a substitute for upgrading your name
    servers to a safe version of BIND, running it as an unprivileged
    user, and chroot'ing it. It's really not hard, and it's the only way
    to be sure that all you'll lose if what you thought was a safe BIND
    is compromised is the name server itself, not access to your machine
    and network.

    Suggesting you can't afford the outage to upgrade to BIND9 is
    ridiculous considering the outage that rebuilding a machine causes.

           ~ g r eclipsed.net
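
An added example, not part of the original message: a small audit of `ps -eo user,pid,args` output that flags any `named` process still running as root or started without a chroot directory. It assumes the chroot is set with named's own `-t` option and privileges are dropped with `-u`; the process list, PIDs and paths below are constructed sample data.

```shell
#!/bin/sh
# Audit "USER PID ARGS..." lines (the layout of `ps -eo user,pid,args`)
# and report, per named process, whether it runs unprivileged and chrooted.
# Assumption: chroot is requested through named's -t option; a named that is
# jailed by an external wrapper would be reported as no-chroot here.

audit_named() {
    awk '
    {
        # Match on the basename of the executable so any install path works.
        n = split($3, path, "/")
        if (path[n] != "named") next

        user = $1; pid = $2; chroot = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "-t" && i < NF) { chroot = $(i + 1) }
            else if ($i ~ /^-t./)     { chroot = substr($i, 3) }
        }

        problems = ""
        # With -u, named drops privileges and ps shows the unprivileged user.
        if (user == "root") problems = problems " runs-as-root"
        # No -t, or a chroot of "/", gives no containment at all.
        if (chroot == "" || chroot == "/") problems = problems " no-chroot"

        if (problems == "") {
            printf "%s OK user=%s chroot=%s\n", pid, user, chroot
        } else {
            printf "%s FAIL%s\n", pid, problems
        }
    }'
}

# Constructed sample process list (not captured from a real host).
sample_ps() {
cat <<'EOF'
root 412 /usr/sbin/named
named 977 /usr/sbin/named -u named -t /var/named/chroot
named 1033 /usr/sbin/named -u named
root 1200 /usr/sbin/sshd -D
EOF
}

audit_sample() { sample_ps | audit_named; }

# On a live host: ps -eo user,pid,args | audit_named
audit_sample
```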