question regarding nessus plug-in 10595 DNS AXFR

From: cissper (cissper_at_yahoo.com.au)
Date: 02/24/04

  • Next message: Harshul Nayak: "RE: nessus which plug'in reports which vulnerability?" 
    To: <pen-test@securityfocus.com>
Date: Tue, 24 Feb 2004 19:41:49 +1100

    Dear all

    In one of my scans, nessus reported a vulnerability allowing DNS zone
    transfers (see below).
    I have tried to verify this vulnerability manually with nslookup and
    other tools. Apparently
    a manual DNS zone transfer did not work! So I am just wondering if
    anybody knows what this plug-in
    is exactly doing. I am not yet familiar with the scripting language
    used.
    I would appreciate if anybody could tell how the plug-in could perform a
    zone transfer.

    Thank you guys!!

    --------------------------------------------
    nessus message:
    The remote name server allows DNS zone transfers to be performed.
    A zone transfer will allow the remote attacker to instantly populate
    a list of potential targets. In addition, companies often use a naming
    convention which can give hints as to a servers primary application
    (for instance, proxy.company.com, payroll.company.com, b2b.company.com,
    etc.).

    As such, this information is of great use to an attacker who may use it
    to gain information about the topology of your network and spot new
    targets.

    Solution: Restrict DNS zone transfers to only the servers that
    absolutely
    need it.

    Risk factor : Medium
    ID: 10595
    --------------------------------------------

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
    ----------------------------------------------------------------------------

  • Next message: Harshul Nayak: "RE: nessus which plug'in reports which vulnerability?"

    Relevant Pages

    • Re: Zone Transfers - Forcing
      ... > the master DNS server in Windows? ... > DNS servers as slave. ... > with our own nameservers, ... initiate a zone transfer from the master increment the zone serial and it ...
      (microsoft.public.windows.server.dns)
    • Re: Windows 2003 Server domain issue
      ... dont wish to perform zone transfer, two dns servers at two ... >Microsoft MVP for Windows Server - Management ...
      (microsoft.public.windows.server.general)
    • Re: Zone Transfer and Trust
      ... The customer location has similar internal subnet and ... There is a DNS server inbetween these two Natted Range. ... local AD Integrated DNS servers at both locations? ... >> Why do we need Zone transfer to take place? ...
      (microsoft.public.windows.server.dns)
    • Re: Security question on DNS zone transfers
      ... Is this true even if we're using the dynamic DNS service I ... > Assuming you're referring to the Zone Transfer tab in the properties of ... > on the Name Servers tab. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: DNS Mass Changes
      ... Then Kevin replied below: ... but secondary servers will use the refresh value to ... secondary will try a zone transfer. ... As close as you can come to a force zone transfer is to use notify, ...
      (microsoft.public.windows.server.dns)