Re: Detecting DNS Servers

From: Michael Thumann (mlthumann@ids-guide.de)
Date: Fri Jul 11 2003 - 13:12:04 EDT


Mike Schiffman explained one way in his book 'Building Open Source Network
Security Tools' . Some DNS Servers will send a version string back, if you
send them a chaos class query, especially BIND servers support that and are
configured to do so by default.

cheers
Michael

At 10:22 11.07.2003 -0300, you wrote:
>Hi,
>
>
>I need a help from the community.
>At this moment I am reading papers from NIST and ISECOM (osstmm2.0).
>I need to know the very best way to discover the versions of DNS
>servers.
>I need to write a paper about it.I all ready wrote something, but I need
>to hear from everybody.
>
>
>
>Best Regards,
>Rodrigo Ramos
>http://www.spytket.com.br
>
>
>
>---------------------------------------------------------------------------
>The Lightning Console aggregates IDS events, correlates them with
>vulnerability info, reduces false positives with the click of a button,
>anddistributes this information to hundreds of users.
>
>Visit Tenable Network Security at http://www.tenablesecurity.com to learn
>more.
>----------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------
Michael Thumann mlthumann@ids-guide www.ids-guide.de
Public Key available at http://www.ids-guide.de/MichaelThumann.asc
----------------------------------------------------------------------------------------------------
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location...and i'm not
even too sure about that one
                                                                    --Dennis
Huges, FBI.

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT