Home page logo

pen-test logo Penetration Testing mailing list archives

Re: anonymous Zonetransfer (AXFR) exploatation
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Thu, 13 Mar 2008 09:45:27 +0000

On 12/03/2008, xx yy <thenucker2004 () yahoo com> wrote:
During some research I came across some server that have anonymous Zonetransfer (AXFR) allowed.

 Is there a working attack for a DNS server that has anonymous Zonetransfer (AXFR) allowed ?

It's only an information disclosure vulnerability, so the best you can
do is look at things like the network structure, the hostnames and try
to infer from them. For example, a lot of places give CNAMES for
functionality such as mail, www,  smtp, pop3, xxx-db (for database),

You can also have a look at the distribution of the hosts within the
IP space of the company. Are there gaps? If so, are there computers
there without DNS records? etc. etc.

Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]