Sign in or 
Share this
DNS attacks
What are attacks against DNS servers
The facts (2005)
about 230.000 dns servers on the internet are open to be poisoned http://news.com.com/DNS+servers--an+Internet+Achilles+heel/2100-7349_3-5816061.html
http://news.com.com/DNS+opens+networks+to+data+attacks/2100-1002_3-5291874.html?part=rss&tag=5291874&subj=news.1002.10 how to use dns traffic to attack networks
http://www.securityfocus.com/bid/6186 It is likely that exploitation will allow a malicious DNS server to execute arbitrary code with privileges of the vulnerable process. Under some conditions, this may grant an attacker local access, possibly as a privileged user http://www.securityfocus.com/bid/6186/solution/ patches
and if you let your dns or domainnames be managed by the cheapest monkeys on the net, you can have this kind of problems (losing your domainname and email alltogether) http://linuxreviews.org/news/2004-06-10_reviewedinfo.org/index.html
http://dns.measurement-factory.com/surveys/index.html the state of insecure dns servers june 2005 and an interesting methodology of questions to ask yourselfif you are a network administrator
NXDOMAIN = Non-Existent Domain This means the domain could exist but doesn't (yet). It could be registered already, but it doesn't exist. www.nxdomain.net/
The information
http://www.nixu.com/products/namesurfer/download/Nixu_DNS_Basics_2004.pdf the dns basics in a text
news:comp.protocols.tcp-ip.domains about dns newsgroups
http://www.itprc.com/tcp_ip.htm good list of links about dns and ports and so
how to use dns traffic to attack networks It is likely that exploitation will allow a malicious DNS server to execute arbitrary code with privileges of the vulnerable process. Under some conditions, this may grant an attacker local access, possibly as a privileged user http://www.infosecwriters.com/text_resources/pdf/predictability_of_Windows_DNS_resolver.pdf
protect your dns and more information from Microsoft here http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp
http://www.infosecwriters.com/text_resources/pdf/predictability_of_Windows_DNS_resolver.pdf how to protect a windows dns against attacks
http://www.oreilly.com/catalog/dnswinsvr/chapter/ch08.pdf DNS on windows 2003 integration with active directory
-->http://www.lurhq.com/cachepoisoning.html dns cache poisining, the next generation
The tools
tip control your dns traffic with this DNS Hijacker is a libnet/libpcap based DNS sniffer/spoofer. A versatile tool, it supports tcpdump-style filters that allow you to specifically target victims. DNS answers are forged based on entries in a "fabrication table" or by simply forging one answer to all requests. A print-only mode is also supported, allowing one to simply monitor DNS traffic. DNS Hijacker is an excellent tool for blocking and removing advertisements at the network level. The package comes with a default rule file for blocking about 780 known ad servers, as well as instructions on how to incorporate with RRDTool for ad blocking statistics generation. http://pedram.redhive.com/code/dns_hijacker/
Welcome to the Dlint web service. Dlint is a utility I developed to help identify problems in DNS zones I maintain on the Internet. There are many possible configuration problems with the Domain Name System that can catch even experienced network administrators. http://www.domtools.com/dlint/ http://www.domtools.com/dns/dlint.shtml download
http://www.mavetju.org/download/dnstracer-1.8.tar.gz dns tracer unix tool
http://www.maradns.org/ security DNS server THis tool Gives all the DNS records for any host. Lists all the computers in domain. Rebuild /etc/hosts, /etc/networks, and /etc/netmasks from DNS. Tell me everything you can about site nau.edu. What MX records exist for compuserve.com? http://www.domtools.com/dns/domtools.shtml unix
The Hiermap package generates multi-page hierarchical maps in PostScript. It includes tools to generate input data from DNS nameserver cache-dumps, Internet domain walks, or you can create your own from any data you have. Hiermap, which is mostly written in the Perl Programming Language, is designed so that as your map gets bigger, multiple pages of output are generated. You can then trim them with a scissors and tape them together to form the entire poster-sized map! Hiermap includes plenty of adjustments for paper-size, variations in the unprintable-border area for your printer, font, size, style, and more. http://www.domtools.com/dns/hiermap.shtml
DNS Flood Detector was developed to detect abusive usage levels on high traffic nameservers and to enable quick response in halting (among other things) the use of one's nameserver to facilitate spam http://www.adotout.com/
http://support.microsoft.com/default.aspx?scid=kb;EN-US;321045DNS Lint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues
http://www.caida.org/outreach/papers/2003/dnspackets/ very few of the traffic to the root dns servers is legitimite
http://frejus.itgate.net/as112/ observe your bind - dns server graphically
The facts (2005)
about 230.000 dns servers on the internet are open to be poisoned http://news.com.com/DNS+servers--an+Internet+Achilles+heel/2100-7349_3-5816061.html
http://news.com.com/DNS+opens+networks+to+data+attacks/2100-1002_3-5291874.html?part=rss&tag=5291874&subj=news.1002.10 how to use dns traffic to attack networks
http://www.securityfocus.com/bid/6186 It is likely that exploitation will allow a malicious DNS server to execute arbitrary code with privileges of the vulnerable process. Under some conditions, this may grant an attacker local access, possibly as a privileged user http://www.securityfocus.com/bid/6186/solution/ patches
and if you let your dns or domainnames be managed by the cheapest monkeys on the net, you can have this kind of problems (losing your domainname and email alltogether) http://linuxreviews.org/news/2004-06-10_reviewedinfo.org/index.html
http://dns.measurement-factory.com/surveys/index.html the state of insecure dns servers june 2005 and an interesting methodology of questions to ask yourselfif you are a network administrator
NXDOMAIN = Non-Existent Domain This means the domain could exist but doesn't (yet). It could be registered already, but it doesn't exist. www.nxdomain.net/
The information
http://www.nixu.com/products/namesurfer/download/Nixu_DNS_Basics_2004.pdf the dns basics in a text
news:comp.protocols.tcp-ip.domains about dns newsgroups
http://www.itprc.com/tcp_ip.htm good list of links about dns and ports and so
how to use dns traffic to attack networks It is likely that exploitation will allow a malicious DNS server to execute arbitrary code with privileges of the vulnerable process. Under some conditions, this may grant an attacker local access, possibly as a privileged user http://www.infosecwriters.com/text_resources/pdf/predictability_of_Windows_DNS_resolver.pdf
protect your dns and more information from Microsoft here http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp
http://www.infosecwriters.com/text_resources/pdf/predictability_of_Windows_DNS_resolver.pdf how to protect a windows dns against attacks
http://www.oreilly.com/catalog/dnswinsvr/chapter/ch08.pdf DNS on windows 2003 integration with active directory
-->http://www.lurhq.com/cachepoisoning.html dns cache poisining, the next generation
The tools
tip control your dns traffic with this DNS Hijacker is a libnet/libpcap based DNS sniffer/spoofer. A versatile tool, it supports tcpdump-style filters that allow you to specifically target victims. DNS answers are forged based on entries in a "fabrication table" or by simply forging one answer to all requests. A print-only mode is also supported, allowing one to simply monitor DNS traffic. DNS Hijacker is an excellent tool for blocking and removing advertisements at the network level. The package comes with a default rule file for blocking about 780 known ad servers, as well as instructions on how to incorporate with RRDTool for ad blocking statistics generation. http://pedram.redhive.com/code/dns_hijacker/
Welcome to the Dlint web service. Dlint is a utility I developed to help identify problems in DNS zones I maintain on the Internet. There are many possible configuration problems with the Domain Name System that can catch even experienced network administrators. http://www.domtools.com/dlint/ http://www.domtools.com/dns/dlint.shtml download
http://www.mavetju.org/download/dnstracer-1.8.tar.gz dns tracer unix tool
http://www.maradns.org/ security DNS server THis tool Gives all the DNS records for any host. Lists all the computers in domain. Rebuild /etc/hosts, /etc/networks, and /etc/netmasks from DNS. Tell me everything you can about site nau.edu. What MX records exist for compuserve.com? http://www.domtools.com/dns/domtools.shtml unix
The Hiermap package generates multi-page hierarchical maps in PostScript. It includes tools to generate input data from DNS nameserver cache-dumps, Internet domain walks, or you can create your own from any data you have. Hiermap, which is mostly written in the Perl Programming Language, is designed so that as your map gets bigger, multiple pages of output are generated. You can then trim them with a scissors and tape them together to form the entire poster-sized map! Hiermap includes plenty of adjustments for paper-size, variations in the unprintable-border area for your printer, font, size, style, and more. http://www.domtools.com/dns/hiermap.shtml
DNS Flood Detector was developed to detect abusive usage levels on high traffic nameservers and to enable quick response in halting (among other things) the use of one's nameserver to facilitate spam http://www.adotout.com/
http://support.microsoft.com/default.aspx?scid=kb;EN-US;321045DNS Lint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues
The crl_dnsstat application watches for DNS queries on UDP port 53. To collect accurate statistics on a specific nameserver (or client), it must be run on an interface that sees all DNS messages to that server (or from that client). It counts numbers of messages and numbers of queries, aggregated by any of source IP, destination IP, opcode, query type, query class. The subjects of queries are never recorded.
http://frejus.itgate.net/as112/ observe your bind - dns server graphically
|
ekz |
Latest page update: made by ekz
, Jun 22 2006, 6:20 AM EDT
(about this update
About This Update
Edited by ekz
694 words added view changes - complete history) |
|
Keyword tags:
DNS attacks
More Info: links to this page
|
There are no threads for this page.
Be the first to start a new thread.
