North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Vixie doing his part to make people upgrade (was:Re: Reasons whyBIND isn't being upgraded)

  • From: Henry R. Linneweh
  • Date: Sat Feb 03 11:39:07 2001

If they do a free security scan they are paying for it and your box is safe if
they are not advising you on the result, I would personally say Whew, thank
god someone has my back covered.....

[email protected] wrote:

> On Fri, 2 Feb 2001, Patrick Greenwell wrote:
> >
> > P.S. AboveNet is taking the latest BIND vunerability(ies) seriously enough
> > that they are beginning wholescale scans of their address space. Draw your
> > own conclusions related to masking version numbers.
> >
> The bulk of that announcement from is from 2 lines:
> > We will be checking every IP in our space on port 53 in order to find
> > versions of BIND open to a root exploit.
> I'm not sure my agreement with allows them to scan my network,
> though it is admittedly their IP space.  I'll go check the paperwork on
> Monday.  (Honestly I expect to find it does, though I must have been
> smoking something when I signed it. is usually on stable legal
> ground.)
> That aside, I am concerned that the announcement makes no mention of who
> they would disclose this information to.  Presumably the registered
> contacts for the offending customer, but has not said they'll
> tell anyone.
> Needless to say, I am not happy with this.  I can't imagine anyone would
> be happy with their provider scanning their network.
> (Also leaving aside the fact that this scan will be pretty much
> useless, given cases where named is run as a different user, chroot'd,
> instructed to lie about its version number, etc.)
> Matthew Devney


Thank you;
| Thinking is a learned process. |
| ICANN member @large            |
| Gigabit over IP, ieee 802.17   |
| working group                  |
| Resilient Packet Transport     |
Henry R. Linneweh