nanog mailing list archives

Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded)

From: mdevney () teamsphere com
Date: Sat, 3 Feb 2001 00:35:32 -0800 (PST)



On Fri, 2 Feb 2001, Patrick Greenwell wrote:


P.S. AboveNet is taking the latest BIND vunerability(ies) seriously enough
that they are beginning wholescale scans of their address space. Draw your
own conclusions related to masking version numbers.

The bulk of that announcement from Above.net is from 2 lines:

We will be checking every IP in our space on port 53 in order to find
versions of BIND open to a root exploit.


I'm not sure my agreement with Above.net allows them to scan my network,
though it is admittedly their IP space.  I'll go check the paperwork on
Monday.  (Honestly I expect to find it does, though I must have been
smoking something when I signed it.  Above.net is usually on stable legal
ground.)

That aside, I am concerned that the announcement makes no mention of who
they would disclose this information to.  Presumably the registered
contacts for the offending customer, but above.net has not said they'll
tell anyone.  

Needless to say, I am not happy with this.  I can't imagine anyone would
be happy with their provider scanning their network.

(Also leaving aside the fact that this scan will be pretty much
useless, given cases where named is run as a different user, chroot'd,
instructed to lie about its version number, etc.)

Matthew Devney

Current thread:

Re: Reasons why BIND isn't being upgraded, (continued)
- - - Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
- Re: Reasons why BIND isn't being upgraded Paul Vixie (Feb 24)
  - Re: Reasons why BIND isn't being upgraded Adam McKenna (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
  - Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Bill Woodcock (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Joe Rhett (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
    - Re: Reasons why BIND isn't being upgraded Kevin Oberman (Feb 24)
    - Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) mdevney (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Mikael Abrahamsson (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Stephen Stuart (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) alex (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasonswhy BIND isn't being upgraded) Steve Sobol (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasonswhy BIND isn't being upgraded) Henry R. Linneweh (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Steve Rubin (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Stephen J. Wilcox (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Mikael Abrahamsson (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasonswhy BIND isn't being upgraded) Steve Sobol (Feb 24)
    - Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Jared Mauch (Feb 24)

(Thread continues...)