GEN:SID | 1:1948 |
Message | DNS zone transfer UDP |
Summary | A zone transfer of records on the DNS server has been requested.
A successful zone transfer can give valuable reconnaissance about hostnames and IP addresses for the domain.
|
Impact | Information leak, reconnaissance. A malicious user can gain valuable information about the network.
|
Detailed Information | Zone transfers are normally used to replicate zone information between master and slave DNS servers. If zone transfers have not been restricted to authorized slave servers only, malicious users can attempt them for reconnaissance about the network. The content |00 00 FC| looks for the end of a DNS query and a DNS type of 252 meaning a DNS zone transfer.
|
Affected Systems | All versions of BIND.
|
Attack Scenarios | A zone transfer might be a precursor to some kind of attack to gain reconnaissance.
|
Ease of Attack | Simple to perform using tools such as nslookup, dig, and host.
|
Corrective Action | Configure your DNS servers to allow zone transfers from authorized hosts only.
|
Additional References | CVE: CAN-1999-0532 arachnids,212
|
Rule References | arachnids: 212
cve: 1999-0532
nessus: 10595
|