Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: I'll argue the wording on 18356...

from [Dan Bowman] Network Security [Permanent Link]
Subject: RE: I'll argue the wording on 18356...
Date: Thu, 31 Aug 2006 16:08:11 -0400 
Some queries will revert to a TCP response, it happens with SOA sometimes
depending on the response size.  In such a case it would fail and the user
would never email you if there was a problem.  I understand your trick and
think it's just fine if that's what you want.  Also, any query against a
root domain with the type set to "any" (Windows users suffer from this more
often than unix users when they perform nslookup searches instead of dig
searches because they do not have the dig utility) and the server will
nearly always revert to TCP for the response.

I like your idea for an internet facing DNS but you have to admit that it's
not RFC compliant because it does block legitimate DNS traffic.  It's the
exception to the rule.  Changing the plugin description for such an anomaly
is potentially confusing to everyone but your site.  No?

Regards,

-- Dan

Daniel Bowman
Director of Support & ITS
Tenable Network Security
http://www.tenablesecurity.com/


-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of Jason Haar
Sent: Thursday, August 31, 2006 14:45
To: nessus@list.nessus.org List
Subject: Re: I'll argue the wording on 18356...

Michel Arboi wrote:

We run tinydns and ensure our DNS records are always small enough to 
fit within a single UDP packet
    


I understand the trick, but can you be sure of the behaviour of the 
remote client software?
  


You're saying there are DNS clients out there that *default* to TCP for DNS
lookups???

We've been running this "trick" for many years now. Never heard of anyone
not being able to connect to our MX records, DNS servers, Web servers, etc,
etc (of course, we never would hear from anyone having a problem ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: I'll argue the wording on 18356..., Michel Arboi
Next by Date:  Re: I'll argue the wording on 18356..., Jason Haar
Previous by Thread:  Re: I'll argue the wording on 18356..., Jason Haar
Next by Thread:  bind() failed :Address already in use..., ruud van lee
Indexes:  [Date] [Thread] [Top] [All Lists]