Home page logo

pen-test logo Penetration Testing mailing list archives

question regarding nessus plug-in 10595 DNS AXFR
From: "cissper" <cissper () yahoo com au>
Date: Tue, 24 Feb 2004 19:41:49 +1100

Dear all

In one of my scans, nessus reported a vulnerability allowing DNS zone
transfers (see below). 
I have tried to verify this vulnerability manually with nslookup and
other tools. Apparently 
a manual DNS zone transfer did not work! So I am just wondering if
anybody knows what this plug-in
is exactly doing. I am not yet familiar with the scripting language
I would appreciate if anybody could tell how the plug-in could perform a
zone transfer.

Thank you guys!!

nessus message:
The remote name server allows DNS zone transfers to be performed.
A zone transfer will allow the remote attacker to instantly populate
a list of potential targets. In addition, companies often use a naming
convention which can give hints as to a servers primary application
(for instance, proxy.company.com, payroll.company.com, b2b.company.com,

As such, this information is of great use to an attacker who may use it
to gain information about the topology of your network and spot new

Solution: Restrict DNS zone transfers to only the servers that
need it.

Risk factor : Medium 
ID: 10595

Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]