Penetration Testing mailing list archives
RE: testing dns servers
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 16 Apr 2007 10:16:07 -0400
How would you guys test a dns server for holes? Here are some that i thought of.. 1. Make sure it does not allow recursive queries. 2. Make sure it does not allow zone transfers from unauthorized hosts. 3. Make sure it is not vulnerable to dns cache poisoning.
These are more configuration issues than they are vulnerabilities. If what you're looking for is configuration best-practices then you're definitely on the right track. I would add to your existing list to test whether DNS cache snooping[1] is possible. You may also want to try DNSMap[2] to see if you can find any subdomains that may reveal additional details about the network you are looking at. If you're looking for actual vulnerabilities in the DNS server itself, then you may want to check out JBroFuzz[3] in addition to whatever vuln scanner(s) you already use. PaulM 1. http://www.sysvalue.com/papers/DNS-Cache-Snooping/ 2. http://packetstormsecurity.org/filedesc/dnsmap-latest.tar.html 3. http://sourceforge.net/projects/jbrofuzz ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- testing dns servers Zhihao (Apr 15)
- Re: testing dns servers mark foster (Apr 16)
- Re: testing dns servers killy (Apr 16)
- RE: testing dns servers Paul Melson (Apr 16)
- Re: testing dns servers Vishal Garg (Apr 16)
- <Possible follow-ups>
- Re: testing dns servers bariswinston (Apr 16)