Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: DNS Injection Problem
From: Danny <danny () drexel edu>
Date: Mon, 05 May 2003 20:30:44 -0400

On Monday, May 5, 2003, at 01:11  PM, Blade Runner wrote:


OS: Slackware 8.1  kernel 2.4.20
DNS Server: bind 9.2.2 # I am focusing my attention here, looking for bugs.
Do you have bind interacting with a windows Active Directory Setup which allows clients to update / modify DNS in bind? 


Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0
Squirrel Mail has had quite a number of security problems in the past, Have you kept on top of the patches and updates for it in the past? 



Proftpd 1.2.8 # no root or anonymous connections

Here it goes a scanner showing my open ports.

Port       State       Service
21/tcp     open        ftp
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
110/tcp    open        pop-3
113/tcp    open        auth
143/tcp    open        imap2
Is this a *full* port scan using -p 1-65535 / -p- or simply nmaps default scan? 




In this server we do not allow telnet/rsh or any shell connection.

Since I am a newbie, I would appreciate some advices and tips.
Er, you say that you do not allow any telnet access to this server but you are running the telnet service, thats probably not a good idea, If you meant you don't allow any clients remote access to the server i'd suggest ditching telnet and using [Open]SSH... If *noone* has remote access to this server than you should disable the telnet service. 



Thanks a lot and sorry about my poor English





Danny
Network Security Engineer


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]