GEN:SID | 1:255 |
Message | DNS zone transfer TCP |
Summary | This event is generated when an attempt is made to request a zone transfer from a DNS Server
|
Impact | Information disclosure.
|
Detailed Information | DNS Zone transfers are normally used between DNS Servers to replicate zone information. Zone transfers can also be used to gain information about a network.
|
Affected Systems | All DNS Servers
|
Attack Scenarios | A malicious user may request a Zone Transfer to gather information before commencing an attack. This can give the user a list of hosts to target.
|
Ease of Attack | Simple.
|
Corrective Action | Configure the DNS servers to only allow zone transfers from authorised hosts, limit the information available from publicly acessible DNS server by using Split Horizon DNS or separate DNS Servers for internal networks.
|
Additional References | |
Rule References | arachnids: 212
cve: 1999-0532
nessus: 10595
|