RE: Detecting DNS Servers

From: Pete Herzog (pete@isecom.org)
Date: Sun Jul 13 2003 - 16:44:57 EDT


This may sound obvious but what about making DNS requests to them and
grabbing the packets. Some DNS servers will give away who they are in the
packet capture. If you do it methodically, you can separate out the
different response types and for the unknown ones, hit GOOGLE with the
string. You probably did that already though maybe.

I'm not sure if there is a DNS fingerprinting tool though. I never needed
one before.

Sincerely,
-pete.

> -----Original Message-----
> From: Jim [mailto:ps2man@dodo.com.au]
> Sent: Saturday, July 12, 2003 07:48 AM
> To: pen-test@securityfocus.com
> Subject: Re: Detecting DNS Servers
>
>
> A lot of DNS servers specify they are DNS servers in their host
> names also..
>
>
> ----- Original Message -----
> From: "Michael Thumann" <mlthumann@ids-guide.de>
> To: "Rodrigo Ramos" <rodrigo.ramos@ipad.com.br>
> Cc: <pen-test@securityfocus.com>
> Sent: Saturday, July 12, 2003 4:56 AM
> Subject: Re: Detecting DNS Servers
>
>
> > Hi Rodrigo,
> >
> > Mike has published example code for that. You can find it at
> > www.wiley.com/compbooks/schiffman
> >
> > Look for sift.
> >
> > Hope that helps
> > Michael
> >
> > At 15:16 11.07.2003 -0300, Rodrigo Ramos wrote:
> > >Hi Michael,
> > >
> > >I haven't read this book.
> > >Could you give me an example? Would I need a packet builder?
> > >
> > >
> > >Best regards,
> > >Rodrigo Ramos
> > >
> > >On Fri, 2003-07-11 at 14:12, Michael Thumann wrote:
> > > > Mike Schiffman explained one way in his book 'Building Open Source
> > > > Network Security Tools'. Some DNS Servers will send a version string
> > > > back, if you send them a chaos class query, especially BIND servers
> > > > support that and are configured to do so by default.
> > > >
> > > > cheers
> > > > Michael
> > > >
> > > > At 10:22 11.07.2003 -0300, you wrote:
> > > > >Hi,
> > > > >
> > > > >
> > > > > >I need help from the community.
> > > > > >At this moment I am reading papers from NIST and ISECOM (osstmm2.0).
> > > > > >I need to know the very best way to discover the versions of DNS
> > > > > >servers.
> > > > > >I need to write a paper about it. I already wrote something, but I
> > > > > >need to hear from everybody.
> > > > >
> > > > >
> > > > >
> > > > >Best Regards,
> > > > >Rodrigo Ramos
> > > > >http://www.spytket.com.br
> > > > >
> > > > >
> > > > >
> > > > Michael Thumann mlthumann@ids-guide www.ids-guide.de
> > > > Public Key available at http://www.ids-guide.de/MichaelThumann.asc
> > > >
> > > > The only secure computer is one that's unplugged, locked in a safe,
> > > > and buried 20 feet under the ground in a secret location...and i'm not
> > > > even too sure about that one
> > > >                                                --Dennis Huges, FBI.
>
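
The CHAOS-class version query described in the thread, as an added example
that is not part of the original posts or of Schiffman's sift code. It builds
the query on the wire and parses the TXT answer, for checking what your own
name servers disclose. Assumptions: the query name is the conventional
"version.bind", and the response parsed here is a constructed sample, so
nothing is sent on the network.

```python
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3  # TXT record type, CHAOS (CH) class

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_version_query(txid, name="version.bind"):
    """Build a one-question CHAOS TXT query (flags 0: standard query, no recursion)."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_CHAOS)

def skip_name(msg, off):
    """Return the offset just past a name; a compression pointer ends the name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_txt_answers(msg):
    """Return (rcode, [TXT strings]) from the answer section of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # name, then QTYPE + QCLASS
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0                                  # TXT RDATA is length-prefixed strings
        while rtype == QTYPE_TXT and rclass == QCLASS_CHAOS and i < len(rdata):
            texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return flags & 0x000F, texts

def sample_response(txid, version):
    """Constructed reply: question echoed, one TXT answer whose name points at offset 12."""
    question = build_version_query(txid)[12:]
    rdata = bytes([len(version)]) + version.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CHAOS, 0, len(rdata)) + rdata
    return struct.pack("!6H", txid, 0x8400, 1, 1, 0, 0) + question + answer

if __name__ == "__main__":
    print(parse_txt_answers(sample_response(0x1234, "9.2.1 (constructed sample)")))
```

A BIND server that answers this query with its real version can be given a
different string to return through the version statement in the options
block of named.conf.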




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT