The Planet Forums > Now that's interesting... IDS blocking DNS version requests

Full Version: Now that's interesting... IDS blocking DNS version requests

The Planet Forums > Security > General Security > UNIX Security

dezignguy

Jan 18 2005, 03:59 AM

I noticed that dnsserver version requests no longer seem to be going through, as of a few days ago... (dnsreport.com also gives a constant "No version info available (timeout on lookup). Could be tinydns 1.00 through 1.04"). This is for my server's ns, and the planet's ns, plus a few other SM customers who have their nameserver's there. I haven't extensively troubleshooted it (tis no prob to me), but I rather suspect the new TippingPoint IDS.

I'm not concerned about it, and I wasn't actually displaying dns version info anyways... just 'DNS Server', exactly like the planet's server's were doing. So I'm not complaining about it... I just found it interesting. ;-D It's nice to know that the IDS is catching stuff though... and hopefully 0-day stuff will be caught as well. Though, as a downside, I think it may be making it a bit easier for those lazy/inexperienced admins to get away with not learning much about security and their OS. Which, imho, is not a good thing.

EDIT: Bother! WTH did I put this is Redhat Security? The "Network" section probably would have been more appropriate. If someone with the "Power" comes by, perhaps moving this thread might be appropriate?

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.