Security Basics mailing list archives
RE: Sign:Re: Is there such a thing as DNS Network Mapper type application
From: David Burt <uncue75 () yahoo com>
Date: Tue, 9 Sep 2003 06:14:26 -0700 (PDT)
This is exactly the information that I am looking for however, doing a zone transfer would certainly show up as a snort/IDS alert. Someone off list suggested scanning the subnet and doing a DNS reverse lookup. This too I would this cause a snort/IDS alert. I'm looking for something a little less intrusive. In the same email, this person suggested that I could write a perl script to use nslookup to query common names like the ones I listed. This is exactly what I am looking for, however perl and I don't get along very well. I could probably do this, it would just take some time. Then I would have to come up with my own list of common host names, which is another reason I was hopping someone had already been down this road. Thanks for the responses... David -----Original Message----- From: Kilian CAVALOTTI [mailto:kilian.cavalotti () crans org] Sent: Monday, September 08, 2003 4:21 PM To: David Burt Cc: security-basics () securityfocus com Subject: Sign:Re: Is there such a thing as DNS Network Mapper type application David Burt wrote:
To give you an example, you tell it the ip or name
of
the name server you would like to use, then it does many lookups trying to find IPs based on the names. You get this idea...
Something like an AXFR transfer on a DNS zone ? [22:18] me@host % host -l nic.fr nic.fr. NS ns.ripe.net. nic.fr. NS dns.inria.fr. nic.fr. NS ns0.oleane.net. nic.fr. NS ns1.nic.fr. nic.fr. NS ns1.oleane.net. nic.fr. NS ns2.nic.fr. nic.fr. NS ns3.nic.fr. alarch.nic.fr. A 192.134.4.166 alpha.nic.fr. A 192.134.4.16 ambre.nic.fr. A 192.134.4.162 archipel.nic.fr. A 192.134.4.245 astrid1.nic.fr. A 192.134.4.136 astrid2.nic.fr. A 192.134.4.2 axelle.nic.fr. A 192.134.4.123 barbapapa.nic.fr. A 192.134.4.95 [...] -- Kilian CAVALOTTI | GPGKeyId: 0xD657340C BOFH excuse #214: Flourescent lights are generating negative ions. If turning them off doesn't work, take them out and put tin foil on the ends. --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- RE: Sign:Re: Is there such a thing as DNS Network Mapper type application David Burt (Sep 09)