How do I fix the BIND 9.4.2 vulnerabilities? - BBS
By Annie
at 2007-12-12T21:20
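A question for the experts on this board: I've recently been playing with a vulnerability scanner.
I used it to scan my DNS server, and it always reports the following 3 vulnerabilities, even after upgrading to BIND 9.4.2.
I looked through articles online, but none of them say how to avoid these. Does anyone here know?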
1.DNS Cache Snooping
Description:
Remote DNS server is vulnerable to Cache Snooping attacks.
Recommendation:
Review the above mentioned paper for an overview of the implications
and recommended solutions to the DNS Cache Snooping attack. Ensure you
have the latest version of your DNS Server although this vulnerability
may be the result of configuration error.
The DNS Cache Snooping article contains a safe BIND configuration
that restricts recursive requests to trusted clients. Ensure DNS
servers that service untrusted networks only provide authoritative
data and do not respond to recursive requests.
2.BIND Allow Authors Request
Description:
BIND versions 9.0 and later could allow a remote attacker
to obtain sensitive information.
Recommendation:
http://www.isc.org/products/BIND/
3.BIND Allow Version Request
Description:
BIND (Berkeley Internet Name Domain) servers support
the ability to be remotely queried for their version numbers.
Recommendation:
Disable the BIND version query feature.
Regarding item 3, everything online tells you to fill in a version string, but how do I actually turn it off?
--
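
An added example, not part of the original post or of the scanner's report: a named.conf fragment that addresses the three findings on BIND 9.4. The ACL name, the 192.0.2.0/24 network, the view names, the example.com zone and the zone file names are placeholders chosen for illustration.

```conf
// Constructed named.conf fragment; names, networks and file paths are placeholders.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;                 // placeholder for your own client networks
};

options {
    // Finding 1 (cache snooping): only trusted clients may recurse or read
    // cached answers. On an authoritative-only server use "recursion no;".
    allow-recursion   { "trusted"; };
    allow-query-cache { "trusted"; };    // option introduced in BIND 9.4

    // Finding 3: "none" stops processing of version.bind queries instead of
    // answering with a substitute string such as version "unknown";
    version none;
};

// Finding 2: a CHAOS-class view with its own "bind" zone replaces the
// built-in one, so authors.bind no longer returns the author list.
view "chaos" chaos {
    match-clients { any; };
    recursion no;
    zone "bind" {
        type master;
        file "db.bind";           // placeholder file, contents shown below
    };
};

// Once any view exists, every zone must sit inside a view, so the normal
// IN-class zones move into one like this.
view "default" in {
    match-clients { any; };
    zone "example.com" {          // placeholder zone
        type master;
        file "db.example.com";
    };
};

// db.bind (zone file, CHAOS class, no authors.bind record):
//   $TTL 1D
//   @  CHAOS SOA localhost. root.localhost. ( 1 1D 1H 1W 1D )
//      CHAOS NS  localhost.
```

Run `named-checkconf` before reloading, then confirm from an untrusted host with `dig @<server> version.bind chaos txt` and `dig @<server> authors.bind chaos txt` that neither query returns data.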