Hiding our BIND9 version
Here is a small tip for hiding the version of our BIND9 application, which serves as our DNS server.
Since the "DNS poisoning" attack became fashionable this past month, we are going to make it a little harder for scanners to detect our version.
1. Let's check which version of BIND9 we are running:
# dig @ns1.localhost version.bind chaos txt
; <<>> DiG 9.3.4-P1.1 <<>> @ns1.localhost version.bind chaos txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31594
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CH TXT

;; ANSWER SECTION:
version.bind. 0 CH TXT "9.4.1-P1"

;; AUTHORITY SECTION:
version.bind. 0 CH NS version.bind.

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Jul 13 19:24:30 2008
2. Now we edit our configuration to hide the version:
# vi /etc/bind/named.conf.options
Where we add:
version "hola";
# /etc/init.d/bind9 restart
Now we check again and see that it changed:
# dig @ns1.localhost version.bind chaos txt
; <<>> DiG 9.3.4-P1.1 <<>> @ns1.localhost version.bind chaos txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31594
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CH TXT

;; ANSWER SECTION:
version.bind. 0 CH TXT "hola"

;; AUTHORITY SECTION:
version.bind. 0 CH NS version.bind.

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Jul 13 19:25:32 2008
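The dig check above can be automated when auditing our own name servers. The following is an added example, not part of the original post: it builds the same version.bind CHAOS TXT question that dig sends, parses the TXT answer, and flags strings that look like a real release number. All function names are hypothetical and the response used for testing is constructed, not captured.

```python
import re
import struct

CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class, TXT record type

def encode_name(name):
    """Encode a dotted name as DNS labels (length byte + label, zero-terminated)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(name="version.bind", qid=0x1234):
    """Build the question that `dig version.bind chaos txt` sends."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def txt_answers(msg):
    """Return the first character-string of each TXT record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, then QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_TXT:
            out.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
        off += rdlen
    return out

def discloses_version(txt):
    """True if the string looks like a release number such as 9.4.1-P1."""
    return re.search(r"\b\d+\.\d+(\.\d+)?", txt) is not None

def sample_response(txt):
    """Constructed response (flags qr aa rd, one answer) for offline testing."""
    q = build_query()
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt) + 1)
    return q[:2] + struct.pack("!HHHHH", 0x8500, 1, 1, 0, 0) + q[12:] + rr + bytes([len(txt)]) + txt.encode()
```

To run it against our own server, send build_query() over UDP to port 53 and pass the reply to txt_answers(). A custom string only hides the banner; the server still has to run a patched BIND release.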