RE: Sign:Re: Is there such a thing as DNS Network Mapper type application
From: David Burt (uncue75_at_yahoo.com)
Date: 09/09/03
- Previous message: Marc Doudiet: "lame server"
- Maybe in reply to: Kilian CAVALOTTI: "Sign:Re: Is there such a thing as DNS Network Mapper type application"
- Next in thread: Andrew Ruef: "RE: Is there such a thing as DNS Network Mapper type application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Sep 2003 06:14:26 -0700 (PDT) To: security-basics@securityfocus.com
This is exactly the information that I am looking for
however, doing a zone transfer would certainly show up
as a snort/IDS alert. Someone off list suggested
scanning the subnet and doing a DNS reverse lookup.
This too I would this cause a snort/IDS alert. I'm
looking for something a little less intrusive. In the
same email, this person suggested that I could write a
perl script to use nslookup to query common names like
the ones I listed. This is exactly what I am looking
for, however perl and I don't get along very well. I
could probably do this, it would just take some time.
Then I would have to come up with my own list of
common host names, which is another reason I was
hopping someone had already been down this road.
Thanks for the responses...
David
-----Original Message-----
From: Kilian CAVALOTTI
[mailto:kilian.cavalotti@crans.org]
Sent: Monday, September 08, 2003 4:21 PM
To: David Burt
Cc: security-basics@securityfocus.com
Subject: Sign:Re: Is there such a thing as DNS Network
Mapper type
application
David Burt wrote:
> To give you an example, you tell it the ip or name
of
> the name server you would like to use, then it does
> many lookups trying to find IPs based on the names.
>
> You get this idea...
Something like an AXFR transfer on a DNS zone ?
[22:18] me@host % host -l nic.fr
nic.fr. NS ns.ripe.net.
nic.fr. NS dns.inria.fr.
nic.fr. NS ns0.oleane.net.
nic.fr. NS ns1.nic.fr.
nic.fr. NS ns1.oleane.net.
nic.fr. NS ns2.nic.fr.
nic.fr. NS ns3.nic.fr.
alarch.nic.fr. A 192.134.4.166
alpha.nic.fr. A 192.134.4.16
ambre.nic.fr. A 192.134.4.162
archipel.nic.fr. A 192.134.4.245
astrid1.nic.fr. A 192.134.4.136
astrid2.nic.fr. A 192.134.4.2
axelle.nic.fr. A 192.134.4.123
barbapapa.nic.fr. A 192.134.4.95
[...]
-- Kilian CAVALOTTI | GPGKeyId: 0xD657340C BOFH excuse #214: Flourescent lights are generating negative ions. If turning them off doesn't work, take them out and put tin foil on the ends. --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
- Previous message: Marc Doudiet: "lame server"
- Maybe in reply to: Kilian CAVALOTTI: "Sign:Re: Is there such a thing as DNS Network Mapper type application"
- Next in thread: Andrew Ruef: "RE: Is there such a thing as DNS Network Mapper type application"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
