Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Microsoft version.binding us now?

Re: Microsoft version.binding us now?

From: Bill Marquette <billm_at_DANGER.MS>
Date: Thu, 1 Jun 2000 19:12:04 -0500

>FromF5 tech support:

    The current methods of probing that we do are an ICMP ping a UDP or TCP
1/2 open
    socket connect which we gracefully shut down after. And in the soon to
be
    released 2.1 we have added two new protocols to the list, DNS_VER and
DNS_DOT.
    The DNS_VER is what he is seeing this is a less obtrusive method of
probing an
    LDNS. It is easy to set the version type of BIND to a bogus parameter
such as
    "chaos" or "go away". We don't care what the response is we are not
looking for
    the version just the response.

    You can also ask our customer to be removed their probing list.

The argument is of course ridiculous. DNS_VER is NOT less obtrusive than
any of the other options they mentioned.

As a side note, can people PLEASE stop sending their "out of office"
messages to people posting to this list?

--Bill
--billm_at_danger.ms
Received on Jun 01 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos