Re: Detecting DNS Servers

From: Michael Thumann (mlthumann@ids-guide.de)
Date: Fri Jul 11 2003 - 14:56:46 EDT


Hi Rodrigo,

Mike has published example code for that. you can find it at
www.wiley.com/compbooks/schiffman

Look for sift.

Hope that helps
Michael

At 15:16 11.07.2003 -0300, Rodrigo Ramos wrote:
>Hi Michael,
>
>I haven't read this book.
>Cold you give me an example? Would I need a packet builder?
>
>
>Best regards,
>Rodrigo Ramos
>
>On Fri, 2003-07-11 at 14:12, Michael Thumann wrote:
> > Mike Schiffman explained one way in his book 'Building Open Source
> Network
> > Security Tools' . Some DNS Servers will send a version string back, if you
> > send them a chaos class query, especially BIND servers support that and
> are
> > configured to do so by default.
> >
> > cheers
> > Michael
> >
> > At 10:22 11.07.2003 -0300, you wrote:
> > >Hi,
> > >
> > >
> > >I need a help from the community.
> > >At this moment I am reading papers from NIST and ISECOM (osstmm2.0).
> > >I need to know the very best way to discover the versions of DNS
> > >servers.
> > >I need to write a paper about it.I all ready wrote something, but I need
> > >to hear from everybody.
> > >
> > >
> > >
> > >Best Regards,
> > >Rodrigo Ramos
> > >http://www.spytket.com.br
> > >
> > >
> > >
> > >-----------------------------------------------------------------------
> ----
> > >The Lightning Console aggregates IDS events, correlates them with
> > >vulnerability info, reduces false positives with the click of a button,
> > >anddistributes this information to hundreds of users.
> > >
> > >Visit Tenable Network Security at http://www.tenablesecurity.com to learn
> > >more.
> > >-----------------------------------------------------------------------
> -----
> >
> >
> ----------------------------------------------------------------------------------------------------
> > Michael Thumann mlthumann@ids-guide www.ids-guide.de
> > Public Key available at http://www.ids-guide.de/MichaelThumann.asc
> >
> ----------------------------------------------------------------------------------------------------
> > The only secure computer is one that's unplugged, locked in a safe,
> > and buried 20 feet under the ground in a secret location...and i'm not
> > even too sure about that one
> >
> --Dennis
> > Huges, FBI.
> >
> >
> > ---------------------------------------------------------------------------
> > The Lightning Console aggregates IDS events, correlates them with
> > vulnerability info, reduces false positives with the click of a button,
> anddistributes this information to hundreds of users.
> >
> > Visit Tenable Network Security at http://www.tenablesecurity.com to learn
> > more.
> >
> ----------------------------------------------------------------------------
> >
> >

----------------------------------------------------------------------------------------------------
Michael Thumann mlthumann@ids-guide www.ids-guide.de
Public Key available at http://www.ids-guide.de/MichaelThumann.asc
----------------------------------------------------------------------------------------------------
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location...and i'm not
even too sure about that one
                                                                    --Dennis
Huges, FBI.

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT