Penetration Testing mailing list archives
Re: anonymous Zonetransfer (AXFR) exploatation
From: krymson () gmail com
Date: 20 Mar 2008 19:05:38 -0000
Just to address this one aspect of the thread, there was a recent case in North Dakota, US which was presumed to have determined that a DNS zone transfer constituted hacking [1]. This wasn't the whole complaint or reason for the ruling, but that is the part that media and places like Slashdot picked up and highlighted. I know precedence is important in US law, but I'm not sure this would stand up upon further scrutiny. Nonetheless, the real point is to limit zone transfers. [1] http://www.theregister.co.uk/2008/01/17/anti_spam_activist_lawsuit/ <- snip -> I never heard of laws that forbids you to get DNS content from a server. Maybe I am late with the news, but as long as it is only an information disclosure it shouldnt be less legal than a port scan. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: anonymous Zonetransfer (AXFR) exploatation, (continued)
- RE: anonymous Zonetransfer (AXFR) exploatation Shenk, Jerry A (Mar 13)
- Re: anonymous Zonetransfer (AXFR) exploatation LordDoskias (Mar 13)
- Re: anonymous Zonetransfer (AXFR) exploatation Radu Oprisan (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Jason Thompson (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Radu Oprisan (Mar 19)
- Re: anonymous Zonetransfer (AXFR) exploatation Volker Tanger (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Dave Howe (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation mouss (Mar 20)
- Re: anonymous Zonetransfer (AXFR) exploatation Radu Oprisan (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Jamie Riden (Mar 18)