|
Family: General --> Category: infos
DNS AXFR Vulnerability Scan
Vulnerability Scan Summary Acertains if the remote name server allows zone transfers
Detailed Explanation for this Vulnerability Test
The remote name server allows DNS zone transfers to be performed.
A zone transfer will allow the remote attacker to instantly populate
a list of potential targets. In addition, companies often use a naming
convention which can give hints as to a servers primary application
(for instance, proxy.company.com, payroll.company.com, b2b.company.com, etc.).
As such, this information is of great use to a possible hacker who may use it
to gain information about the topology of your network and spot new
targets.
Solution: Restrict DNS zone transfers to only the servers that absolutely
need it.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|