Re: testing dns servers

From: Vishal Garg (vishal@firstbase.co.uk)
Date: Mon Apr 16 2007 - 11:31:11 EDT

• Next message: Radu Oprisan: "Re: Res: testing dns servers"
• Previous message: Francois Yang: "Re: Vulnerability - Tracking and Remediation"
• In reply to: Zhihao: "testing dns servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

and ...

- does not allow unauthorized zone transfers
- is not vulnerable to cache snooping.

Cheers
vishal

At 07:49 4/15/2007, Zhihao wrote:
>Hi,
>
>How would you guys test a dns server for holes?
>
>Here are some that i thought of..
>
>1. Make sure it does not allow recursive queries.
>2. Make sure it does not allow zone transfers from unauthorized hosts.
>3. Make sure it is not vulnerable to dns cache poisoning.
>
>Anything other vectors we could look at?
>
>Cheers.
>
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Are you using SPI, Watchfire or WhiteHat?
>Consider getting clear vision with Cenzic
>See HOW Now with our 20/20 program!
>
>http://www.cenzic.com/c/2020
>------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: Radu Oprisan: "Re: Res: testing dns servers"
• Previous message: Francois Yang: "Re: Vulnerability - Tracking and Remediation"
• In reply to: Zhihao: "testing dns servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:44 EDT