Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: question regarding nessus plug-in 10595 DNS AXFR
From: "Pedro Andujar" <crg () digitalsec net>
Date: Wed, 25 Feb 2004 00:59:42 +0100

dig @nameserver domain.com AXFR

Visual Example

[crg () core]$ host -t ns l33tsecurity.com
l33tsecurity.com name server ns2.nichtsecurity.com.
l33tsecurity.com name server ns1.nichtsecurity.com.
[crg () core]$ dig @ns2.nichtsecurity.com l33tsecurity.com AXFR

; <<>> DiG 9.2.2-P3 <<>> @ns2.nichtsecurity.com l33tsecurity.com AXFR
;; global options:  printcmd
l33tsecurity.com. 3600  IN SOA  ns1.nichtsecurity.com.
unter.nichtsecurity.com. 2004020900 10800 3600 604800 3600
www.l33tsecurity.com. 3600 IN A 198.247.231.211
l33tsecurity.com. 3600  IN A 198.247.231.211
l33tsecurity.com. 3600  IN MX 10 l33tsec.no-ip.org.
l33tsecurity.com. 3600  IN MX 100 smtp-relay.swbell.net.
team.l33tsecurity.com.  3600 IN AAAA  3ffe:bc0:35b:1::3
xor.l33tsecurity.com. 3600 IN AAAA  3ffe:bc0:35b:1::2
unpack.l33tsecurity.com. 3600 IN  A 198.247.231.211
l33tsecurity.com. 3600  IN NS NS1.NICHTSECURITY.COM.
l33tsecurity.com. 3600  IN NS NS2.NICHTSECURITY.COM.
codes.l33tsecurity.com. 3600 IN A 66.163.242.186
l33tsecurity.com. 3600  IN SOA  ns1.nichtsecurity.com.
unter.nichtsecurity.com. 2004020900 10800 3600 604800 3600
;; Query time: 644 msec
;; SERVER: 198.247.231.232#53(ns2.nichtsecurity.com)
;; WHEN: Wed Feb 25 00:58:31 2004
;; XFR size: 13 records

Regards

Pedro Andújar (Crg)
!dSR - Digital Security Research
http://www.digitalsec.net

 "!dSR... when security is not your beretta"

----- Original Message ----- 
From: "cissper" <cissper () yahoo com au>
To: <pen-test () securityfocus com>
Sent: Tuesday, February 24, 2004 9:41 AM
Subject: question regarding nessus plug-in 10595 DNS AXFR


Dear all

In one of my scans, nessus reported a vulnerability allowing DNS zone
transfers (see below).
I have tried to verify this vulnerability manually with nslookup and
other tools. Apparently
a manual DNS zone transfer did not work! So I am just wondering if
anybody knows what this plug-in
is exactly doing. I am not yet familiar with the scripting language
used.
I would appreciate if anybody could tell how the plug-in could perform a
zone transfer.

Thank you guys!!

--------------------------------------------
nessus message:
The remote name server allows DNS zone transfers to be performed.
A zone transfer will allow the remote attacker to instantly populate
a list of potential targets. In addition, companies often use a naming
convention which can give hints as to a servers primary application
(for instance, proxy.company.com, payroll.company.com, b2b.company.com,
etc.).

As such, this information is of great use to an attacker who may use it
to gain information about the topology of your network and spot new
targets.

Solution: Restrict DNS zone transfers to only the servers that
absolutely
need it.

Risk factor : Medium
ID: 10595
--------------------------------------------





--------------------------------------------------------------------------
-
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
--------------------------------------------------------------------------
--



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]