Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: dns-openresolvers-check.nse : Detects DNS servers known to allow open recursion
From: John Bond <john.r.bond () gmail com>
Date: Tue, 2 Apr 2013 18:30:41 +0200

Not sure why this was posted 3 times; however that aside, unless I'm
missing something there is no need to use an external service for this
check.  I seem to remember that either nmap or an existing nse script
already detects open resolvers

On Thursday, March 28, 2013, Paulino Calderon wrote:

description = [[
dns-openresolvers-check looks up the database "dnsbl.openresolvers.org"
to detect DNS servers known to allow open recursion. If the DNS server is
found, it will be marked as vulnerable as it can be abused via DNS
amplification attacks.

This script queries a database provided by http://dns.measurement-**
factory.com <http://dns.measurement-factory.com>.

Daily reports of open resolvers found:
* http://dns.measurement-**factory.com/surveys/**
openresolvers/ASN-reports/<http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/>

DNS aplification attacks:
* http://isotf.org/news/DNS-**Amplification-Attacks.pdf<http://isotf.org/news/DNS-Amplification-Attacks.pdf>
]]

---
-- @usage nmap -sV --script dns-openresolvers-check <target>
-- @usage nmap -sV -p53 --script dns-openresolvers-check <target>
--
-- @output
-- | dns-openresolvers-check:
-- |   VULNERABLE:
-- |   This DNS server has been blacklisted as an open resolver.
-- |     State: VULNERABLE
-- |     Risk factor: High
-- |     Description:
-- |           This DNS server is known for supporting open recursion.
Open resolvers are dangerous
-- |           because of the following reasons:
-- |           * Attackers may consume resources of third parties. They
are actively being exploited in DDoS attacks.
-- |           * Attackers may poison the cache of an open resolver.
-- |
-- |     References:
-- |       http://isotf.org/news/DNS-**Amplification-Attacks.pdf<http://isotf.org/news/DNS-Amplification-Attacks.pdf>
-- |_ 
http://dns.measurement-**factory.com/surveys/**openresolvers.html<http://dns.measurement-factory.com/surveys/openresolvers.html>
---


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]