On Sun, Apr 22, 2001 at 06:23:43PM +0200, Marco d'Itri wrote:
> On Apr 21, Yotam Rubin <[EMAIL PROTECTED]> wrote:
> 
>  >We could harden the default configuration with the following directives:
>  >
>  >    version 'Not available';
> This does not harden anything and just makes debugging harder.
> Don't dare putting something like this in the default configuration of a
> Debian package.

I disagree. A lot of the vulnerability scanners out there determine whether
a host is susceptible to a certain bug by looking at its version.bind record.
If a bug were to be discovered in 8.2.3, conventional script kiddie methods
will not properly function. Obviously, it does not provide full 'protection',
but it will render a lot of scanners out there useless.
Debugging? When in debugging does one check one's version.bind? 
        
        Regards, Yotam Rubin

> 
> -- 
> ciao,
> Marco
> 
