RE: Reasons why BIND isn't being upgraded

Mailman List Mirror (Read Only)
1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think if anything is to be stressed here is that it should be left up to the
administrator of the network to choose whether they wish the version records to
be available or not. Theory can be argued for it to either be enabled or
disabled but honestly I wouldn't care either way if the choice was left to me
and by default it was not enabled until I specified otherwise. I had no idea
that named had ever responded this way until it was posted to this list to my
surprise. I am not an advocate of security through obscurity however I don't
feel that administrators should be removing all doubt to script kiddies of what
versions of software they are running so easily. Make them work for it.

Greg

+(gcarter@infoDNS.com)-------------------------------------------------+

infoDNS http://www.infodns.com/ |
Senior Network Administrator bits/keyID 1024/7DF9C285 |
Need help? Ask an expert. -------------> http://www.infoforums.com/ |

+--------[ DC 50 57 59 C3 76 46 E8 EB 75 A8 94 FE 96 9E D3 ]----------+

- -----Original Message-----

2

The above is my answer as well. Let's face it, you're going to get
hacked (cracked for the clueless pedantic). That's a reality: There is
someone on the planet better than you
and he will one day take a liking to your machine. The best we can do is
make him work his ass off for it.

Incidintally that gets rid of the script kiddies too. When a machine
under my control is hacked (as I know one day it will be), I want it to be
by a world-class genius hacker. A script kiddie flooding Undernet off my
box would be embarrassing.

-Matthew Devney
Teamsphere Interactive