 Full Zone Information Disclosure on Top Level Domain Name Servers
Category: Vulnerability
Posted: 2002-10-23 by ReCall
 Details
The Domain Name System described in RFC 1034/1035 includes a specification for full zone transfer (AXFR). While this mechanism is useful for replicating zone information between servers, it can also be used to gather information for mass mailing, distributed DoS attacks, and other malicious purposes.



Problem:





Many top-level domain (TLD) DNS servers do not implement any restrictions on AXFR queries.



Impact:

AXFR data can be used to find mail relays, proxy servers, and hosts with specific operating systems or applications installed. AXFR data for some TLDs contains hundreds of thousands of records, and host names are often quite meaningful. A malicious person can select thousands of specific servers without spending a lot of time scanning networks. Also, multiple AXFR queries can be used to perform a DoS attack on the DNS server itself.



Solution:

An access list should be used to prevent unauthorized zone transfers. For BIND versions 8 and 9, this can be accomplished by setting the allow-transfer option appropriately.



Appendix:

Fortunately, none of the .com/org/edu/net/mil/gov servers allow AXFR. The following is a list of the most recognizable TLDs that allow AXFR on at least one of their servers (as of October 18, 2002). The list is sorted alphabetically.



AR

AU

BG

CU

CZ

EE

EG

ES

FI

HU

IL

IN

IT

MY

NO

PK

SE

SG

RU

TR

UA

ZA



Recently registered TLDs:



.INT

.MUSEUM

.PRO
 