Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: anonymous Zonetransfer (AXFR) exploatation

From: "Jamie Riden" <jamie.riden () gmail com>
Date: Thu, 13 Mar 2008 09:45:27 +0000
On 12/03/2008, xx yy <thenucker2004 () yahoo com> wrote:

During some research I came across some server that have anonymous Zonetransfer (AXFR) allowed.

 Is there a working attack for a DNS server that has anonymous Zonetransfer (AXFR) allowed ?


It's only an information disclosure vulnerability, so the best you can
do is look at things like the network structure, the hostnames and try
to infer from them. For example, a lot of places give CNAMES for
functionality such as mail, www,  smtp, pop3, xxx-db (for database),
etc.

You can also have a look at the distribution of the hosts within the
IP space of the company. Are there gaps? If so, are there computers
there without DNS records? etc. etc.

cheers,
 Jamie
-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: