Penetration Testing mailing list archives
Re: question regarding nessus plug-in 10595 DNS AXFR
From: "Pedro Andujar" <crg () digitalsec net>
Date: Wed, 25 Feb 2004 00:59:42 +0100
dig @nameserver domain.com AXFR

Visual Example

[crg@core]$ host -t ns l33tsecurity.com
l33tsecurity.com name server ns2.nichtsecurity.com.
l33tsecurity.com name server ns1.nichtsecurity.com.
[crg@core]$ dig @ns2.nichtsecurity.com l33tsecurity.com AXFR

; <<>> DiG 9.2.2-P3 <<>> @ns2.nichtsecurity.com l33tsecurity.com AXFR
;; global options: printcmd
l33tsecurity.com. 3600 IN SOA ns1.nichtsecurity.com. unter.nichtsecurity.com. 2004020900 10800 3600 604800 3600
www.l33tsecurity.com. 3600 IN A 198.247.231.211
l33tsecurity.com. 3600 IN A 198.247.231.211
l33tsecurity.com. 3600 IN MX 10 l33tsec.no-ip.org.
l33tsecurity.com. 3600 IN MX 100 smtp-relay.swbell.net.
team.l33tsecurity.com. 3600 IN AAAA 3ffe:bc0:35b:1::3
xor.l33tsecurity.com. 3600 IN AAAA 3ffe:bc0:35b:1::2
unpack.l33tsecurity.com. 3600 IN A 198.247.231.211
l33tsecurity.com. 3600 IN NS NS1.NICHTSECURITY.COM.
l33tsecurity.com. 3600 IN NS NS2.NICHTSECURITY.COM.
codes.l33tsecurity.com. 3600 IN A 66.163.242.186
l33tsecurity.com. 3600 IN SOA ns1.nichtsecurity.com. unter.nichtsecurity.com. 2004020900 10800 3600 604800 3600
;; Query time: 644 msec
;; SERVER: 198.247.231.232#53(ns2.nichtsecurity.com)
;; WHEN: Wed Feb 25 00:58:31 2004
;; XFR size: 13 records

Regards

Pedro Andújar (Crg)
!dSR - Digital Security Research
http://www.digitalsec.net
"!dSR... when security is not your beretta"

----- Original Message -----
From: "cissper" <cissper () yahoo com au>
To: <pen-test () securityfocus com>
Sent: Tuesday, February 24, 2004 9:41 AM
Subject: question regarding nessus plug-in 10595 DNS AXFR
Dear all

In one of my scans, nessus reported a vulnerability allowing DNS zone transfers (see below). I have tried to verify this vulnerability manually with nslookup and other tools. Apparently a manual DNS zone transfer did not work!

So I am just wondering if anybody knows what this plug-in is exactly doing. I am not yet familiar with the scripting language used. I would appreciate if anybody could tell how the plug-in could perform a zone transfer.

Thank you guys!!

--------------------------------------------
nessus message:

The remote name server allows DNS zone transfers to be performed. A zone transfer will allow the remote attacker to instantly populate a list of potential targets. In addition, companies often use a naming convention which can give hints as to a servers primary application (for instance, proxy.company.com, payroll.company.com, b2b.company.com, etc.). As such, this information is of great use to an attacker who may use it to gain information about the topology of your network and spot new targets.

Solution: Restrict DNS zone transfers to only the servers that absolutely need it.

Risk factor : Medium
ID: 10595
--------------------------------------------
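What the dig command in the reply puts on the wire, as an added example that is not part of the original thread and is not the Nessus plug-in's code: an AXFR request is an ordinary DNS query with QTYPE 252 sent over TCP, and the first reply message either carries an error code or begins with the zone's SOA record. The function names and result strings are made up for this illustration.

```python
import socket
import struct

QTYPE_AXFR, QTYPE_SOA, CLASS_IN = 252, 6, 1
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}

def build_axfr_query(zone, txid):
    """DNS query with QTYPE=AXFR, prefixed with the 2-byte length used on TCP."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)   # standard query, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in zone.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!2H", QTYPE_AXFR, CLASS_IN)
    return struct.pack("!H", len(msg)) + msg

def _skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:        # walk ordinary labels
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)                # pointer: 2 bytes, root: 1

def classify_axfr_reply(msg, txid):
    """Classify the first reply message (TCP length prefix already removed)."""
    try:
        rid, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
        if rid != txid or not flags & 0x8000:          # wrong ID or QR bit clear
            return "not a reply to this query"
        if flags & 0x000F:                             # non-zero RCODE
            return "no transfer: " + RCODES.get(flags & 0xF, str(flags & 0xF))
        if ancount == 0:
            return "no records returned"
        off = 12
        for _ in range(qdcount):                       # skip the echoed question
            off = _skip_name(msg, off) + 4
        off = _skip_name(msg, off)                     # owner name of first answer
        (rrtype,) = struct.unpack("!H", msg[off:off + 2])
    except (struct.error, IndexError):
        return "malformed reply"
    # A genuine transfer begins with the zone's SOA record (RFC 5936).
    return "transfer allowed" if rrtype == QTYPE_SOA else "unexpected first record"

def check_server(server, zone, txid=0x1234, timeout=5.0):
    """Audit one authoritative server of your own zone (needs network access)."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone, txid))
        reader = sock.makefile("rb")
        prefix = reader.read(2)
        if len(prefix) < 2:
            return "connection closed without reply"
        return classify_axfr_reply(reader.read(struct.unpack("!H", prefix)[0]), txid)
```

Transfer restrictions are configured per server, so run check_server against every name server listed for the zone, not only the primary.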