GEN:SID | 1:256 |
Message | DNS named authors attempt |
Summary | An attempt was made to query authors.bind chaos record on your DNS server. |
Impact | Allows a remote attacker to possibly determine the version of bind you are running.
|
Detailed Information | Bind 9.x allows you get the authors.bind chaos record. The ability to retrieve this file indicates that the machine is running at least a 9.x variant of the bind nameserver.
|
Affected Systems | |
Attack Scenarios | As part of a reconnaissance mission, an attacker may attempt to gleen important information about your infrastructure by determining your bind version. If authors.bind is retrievable, this indicates that you are running Bind 9.x. If not, it means nothing. This, in addition to possibly retrieving version.bind, allows attackers to craft attacks specially suited for your environment.
|
Ease of Attack | Trivial:
warchild@cuba [~]$ dig +short @testhost.com txt chaos authors.bind
"Bob Halley" "Mark Andrews" "James Brister" "Michael Graff" "David Lawrence" "Michael Sawyer" "Brian Wellington" "Andreas Gustafsson"
|
Corrective Action | Remove the ability to retrieve the authors.bind chaos record by either applying the patch from ISC or tweaking your configs accordingly.
|
Additional References | |
Rule References | arachnids: 480
nessus: 10728
|