Penetration Testing mailing list archives

Re: testing dns servers

From: Vishal Garg <vishal () firstbase co uk>
Date: Mon, 16 Apr 2007 16:31:11 +0100

and ...

- does not allow unauthorized zone transfers
- is not vulnerable to cache snooping.

Cheers
vishal

At 07:49 4/15/2007, Zhihao wrote:

Hi,

How would you guys test a dns server for holes?

Here are some that i thought of..

1. Make sure it does not allow recursive queries.
2. Make sure it does not allow zone transfers from unauthorized hosts.
3. Make sure it is not vulnerable to dns cache poisoning.

Anything other vectors we could look at?

Cheers.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------





------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

testing dns servers Zhihao (Apr 15)
- Re: testing dns servers mark foster (Apr 16)
- Re: testing dns servers killy (Apr 16)
- RE: testing dns servers Paul Melson (Apr 16)
- Re: testing dns servers Vishal Garg (Apr 16)
- <Possible follow-ups>
- Re: testing dns servers bariswinston (Apr 16)