From: cissper (cissper@yahoo.com.au)
Date: Tue Feb 24 2004 - 03:41:49 EST
Dear all
In one of my scans, nessus reported a vulnerability allowing DNS zone
transfers (see below).
I have tried to verify this vulnerability manually with nslookup and
other tools. Apparently
a manual DNS zone transfer did not work! So I am just wondering if
anybody knows what this plug-in
is exactly doing. I am not yet familiar with the scripting language
used.
I would appreciate if anybody could tell how the plug-in could perform a
zone transfer.
Thank you guys!!
--------------------------------------------
nessus message:
The remote name server allows DNS zone transfers to be performed.
A zone transfer will allow the remote attacker to instantly populate
a list of potential targets. In addition, companies often use a naming
convention which can give hints as to a servers primary application
(for instance, proxy.company.com, payroll.company.com, b2b.company.com,
etc.).
As such, this information is of great use to an attacker who may use it
to gain information about the topology of your network and spot new
targets.
Solution: Restrict DNS zone transfers to only the servers that
absolutely
need it.
Risk factor : Medium
ID: 10595
--------------------------------------------
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:48 EDT