[Dshield] Spam Surge and funny things with auditors

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Sep 1 03:56:41 GMT 2007


On Fri, 31 Aug 2007 11:37:50 +0200, Ulf Bahrenfuss said:
> direct recommendations. Among them the most glaring "immediate action
> point" was the report about my internal DNS servers. They were obviously
> outdated and a security risk because they answered to a version request
> with "their" version number. The number I configured to give back was
> 6.6.6 and that is well below known secure numbers :-) The recommendation
> was to update and change the config to give back a false number or no
> number, hmmmm okay

If you tried the snarf-the-version trick against the NSA's public-facing
nameservers a while back, they'd report the version string:

"These are not the nameservers you are looking for..."

(And yes, a *high* fraction of "security auditors" are bozos who can't
even run Nessus and interpret the results for themselves - looking at a
version number 6.6.6 and not cluing in is about par for the course....)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20070831/e15082b6/attachment.bin 


More information about the list mailing list