BIND 9.4.2 弱點如何修正? - BBS

Annie avatar
By Annie
at 2007-12-12T21:20

Table of Contents

請問一下版上的大大,最近在玩一套弱點掃瞄的軟體,
我用他來掃我的DNS,發現都會出下以下3個弱點,就算升級到BIND 9.4.2
還是一樣,找了網路上的文章,都沒有說怎麼避免,不知道有沒有大大知道的

1.DNS Cache Snooping

Description:
Remote DNS server is vulnerable to Cache Snooping attacks.

Recommendation:

Review the above mentioned paper for an overview of the implications
and recommended solutions to the DNS Cache Snooping attack. Ensure you
have the latest version of your DNS Server although this vulnerability
may be the result of configuration error.

The DNS Cache Snooping article contains a safe BIND configuration
that restricts recursive requests to trusted clients. Ensure DNS
servers that service untrusted networks only provide authoritative
data and do not respond to recursive requests.


2.BIND Allow Authors Request

Description:
BIND versions 9.0 and later could allow a remote attacker
to obtain sensitive information.

Recommendation:
http://www.isc.org/products/BIND/

3.BIND Allow Version Request

Description:
BIND (Berkeley Internet Name Domain) servers support
the ability to be remotely queried for their version numbers.

Recommendation:
Disable the BIND version query feature.

關於第3點,網路上都是教人填一個版本進去,但要怎麼關掉呢?


--
Tags: BBS

All Comments

Re: 關於pagedaemon這支程式

Adele avatar
By Adele
at 2007-12-12T19:26
※ 引述《jimchein.bbsatcd.twbbs.org (哇丟係小怪)》之銘言: (恕刪...) : 請問如何設定這支程式 : 或是有相關的教學或說明文件嗎 補充一個網址... 似乎和原po遇到的問題有相似之處... http://list ...

Re: 關於pagedaemon這支程式

Victoria avatar
By Victoria
at 2007-12-12T19:20
※ 引述《JoeHorn.bbsatStar.leobbs.net (獅子男)》之銘言: : ※ 引述《giacch.bbsatptt.cc (giacch)》之銘言: : : ps ax | grep pagedaemon : : 好像是 kernel 的東西... = = ...

Re: 關於pagedaemon這支程式

Quanna avatar
By Quanna
at 2007-12-12T18:42
※ 引述《jimchein.bbsatcd.twbbs.org (哇丟係小怪)》之銘言: : 我的系統大約每十五分鐘就會跑pagedaemon這支程式 : 將沒在使用的記憶體釋放出來(釋放成free) : 有時明明系統的free memory還有一G多 : 還是會執行這支程式 : 每當這支程式執行時 : 系統 ...

Re: 關於pagedaemon這支程式

Kristin avatar
By Kristin
at 2007-12-12T18:18
※ 引述《chinsan.bbsatbbs.ilc.edu.tw (淡)》之銘言: : ※ 引述《jimchein.bbsatcd.twbbs.org (哇丟係小怪)》之銘言: : andgt; 我的系統大約每十五分鐘就會跑pagedaemon這支程式 : ...

FreeBSD 7.0 Beta4安裝XFree86-4-libraries的問題:<

Edward Lewis avatar
By Edward Lewis
at 2007-12-12T15:59
請問一下, 今天安裝XFree86-4-libraries 出現下列錯誤訊息: ===andgt; XFree86-libraries-4.5.0_1 is part of XFree86 and you have xorg set for X11 distribution. See The X Wi ...