RE: DNS and SMTP

• Previous message: Simon Taplin: "Re: Removing Local Admin Rights..."
• Maybe in reply to: kaps lock: "DNS and SMTP"
• Next in thread: Russell J. Wood: "Re: DNS and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: 'kaps lock' <secnerd2004@yahoo.com>, security-basics@lists.securityfocus.com
Date: Mon, 31 May 2004 13:11:47 +0200

Just a correction: in the second point I understand you're referring to
SNMP, not SMTP.

If you know the READ community string, all you can do is read SNMP OIDs
values. But if the admin has configured SNMP writes ON and you also know the
WRITE community string, then you can reconfigure options of the device
(those options available through SNMP).

-----Mensaje original-----
De: kaps lock [mailto:secnerd2004@yahoo.com]
Enviado el: viernes, 28 de mayo de 2004 15:17
Para: security-basics@lists.securityfocus.com
Asunto: DNS and SMTP

Hi All,
I am a security new bie.I would like to know or
atleast if somebody can have me some pointers to good
turtorials on

1)DNS
basically i want to be able to understand everything
about DNS ,using nslookup,dig inorder to be a good
security analyst.like how i could determine OS of a
dns server ,or say how i could determine what evrsion
of BIND it is using etc.
2)SMTP
If somebody could tell me what is an Object ID and how
does it function and how it is decided upon!!Like the
tree that is followed.Also could a system be
compromised if a attacker nows the communitry string?

thanks a bunch in advance

B

        
                
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

=============================
Este mensaje se dirige exclusivamente a su destinatario.
Puede contener informacion confidencial sometida a secreto profesional o cuya divulgacion
este prohibida, en virtud de la legislacion vigente. No esta permitida su divulgacion,
copia o distribucion a terceros sin la autorizacion previa y por escrito de Iberdrola.
Si ha recibido este mensaje por error, le rogamos nos lo comunique inmediatamente
por esta misma via y proceda a su destruccion.

This e-mail is intended exclusively for the individual or entity to which it is addressed
and may contain confidential or legally privileged information, which may not be disclosed
under current legislation. Any form of disclosure, copying or distribution of this e-mail
is strictly prohibited, save with written authorisation from Iberdrola.
If you have received this message in error, please notify the sender immediately by e-mail
and delete all copies of the message.
=============================

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Simon Taplin: "Re: Removing Local Admin Rights..."
• Maybe in reply to: kaps lock: "DNS and SMTP"
• Next in thread: Russell J. Wood: "Re: DNS and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Routes that are susceptible to SNMP ... read-write by using "private" as a community string? ... By "how dangerous this is," do you mean the fact that snmp is available to ... > This list is provided by the SecurityFocus Security ... (Pen-Test) SUMMARY: SNMP question ... Thank you all for the quick and very informative responses. ... What you sort of did was prevent any public read access of any SNMP ... community string by default, this is an easy thing for a cracker to check. ... query the SNMP daemon, but the risk is much lower. ... (Tru64-UNIX-Managers) [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP! ... Scanning the Internet via SNMP! ... write community string is identified or cracked. ... Dynamic DNS credentials disclosure on ZyXEL Prestige routers via ... (Full-Disclosure) net::snmp ... I'm writing a script that will query a device via SNMP to check the ... time (it;s a nagios check to make sure that devices are polling NTP ... # Gather hostname and community string from call parameter ... (comp.lang.perl.modules)