Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS and SMTP

From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Mon, 31 May 2004 19:04:41 -0700 (PDT)

hi ya


On Fri, 2004-05-28 at 09:16, kaps lock wrote:

Hi All,
I am a security new bie.I would like to know or
atleast if somebody can have me some pointers to good
turtorials on


read ... the first 10 pages of all the links that google
returns for each "search string" you give it .. 


1)DNS
basically i want to be able to understand everything
about DNS ,using nslookup,dig inorder to be a good
security analyst.


knowing how to use the wrong tools wont help  with being
a "security analyst"
        - what kind of analyst ??
        ( writing articles for general public or for teaching
        ( security classes for certification ?

as it has been pointed out ... read both books about DNS
by cricket liu ( not just the oreilly one )

- you/we will never know "everything" about dns


like how i could determine OS of a

dns server ,


nmap -O  1.2.3.4

or nessus or queso or ...


or say how i could determine what evrsion

of BIND  it is using etc.


telnet  1.2.3.4 53
        - and if you believe the answer, there might be
        a nice lakefront land for sale in the nevada dessert too


2)SMTP
If somebody could tell me what is an Object ID and how
does it function and how it is decided upon!!Like the
tree that is followed.Also could a system be
compromised if a attacker nows the communitry string?


always, always assume the attacker already has root access 
to any of your servers and try to protect whatever you are
trying to protect and why and at what costs and what
are ALL of the consequences of them doing "rm -rf /" on that server
and any other server that they can get into

c ya
alvin

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: