Re: anonymous Zonetransfer (AXFR) exploitation

From: krymson@gmail.com
Date: Thu Mar 20 2008 - 14:05:38 EST


Just to address this one aspect of the thread, there was a recent case in North Dakota, US, which was presumed to have determined that a DNS zone transfer constituted hacking [1]. This wasn't the whole complaint or reason for the ruling, but that is the part that media and places like Slashdot picked up and highlighted. I know precedent is important in US law, but I'm not sure this would stand up upon further scrutiny.

Nonetheless, the real point is to limit zone transfers.

[1] http://www.theregister.co.uk/2008/01/17/anti_spam_activist_lawsuit/

<- snip ->
I never heard of laws that forbid you to get DNS content from a server. Maybe I am late with the news, but
as long as it is only an information disclosure it shouldn't be less legal than a port scan.
