Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: question regarding nessus plug-in 10595 DNS AXFR
.

  • To: cissper <[EMAIL PROTECTED]>
  • Subject: Re: question regarding nessus plug-in 10595 DNS AXFR
  • From: Ariel Martinez <[EMAIL PROTECTED]>
  • Date: Tue, 24 Feb 2004 20:06:48 -0500 (COT)
  • Cc: [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
On Tue, 24 Feb 2004, cissper wrote:

[...]

> In one of my scans, nessus reported a vulnerability allowing DNS zone
> transfers (see below).  I have tried to verify this vulnerability
> manually with nslookup and other tools. Apparently a manual DNS zone
> transfer did not work! So I am just wondering if anybody knows what this
> plug-in is exactly doing. I am not yet familiar with the scripting
> language used.

I guess plugin tried an AXFR for a reverse zone not for a forward zone.
You can try dig(1) or host(1) from bind-utils to get the whole reverse
zone for 192.168.1.*:

$ dig @dns-server 1.168.192.in-addr.arpa axfr # You can append +notcp to 
force udp query.
 
$ host -l 1.168.192.in-addr.arpa dns-server

--
Ariel Martinez.


---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.