











Williamd000
Member M
Registered: Aug 2001 Location: USA Country: United States State: Certifications: MCP ( Windows 2000 Pro ) and Security+ Working on: CEH, CISSP, MCSA + Security
Total Posts: 55
Question.
What functionality should be disallowed between a DNS server and untrusted node?
1- name resolutions
2- reverse ARP requests
3- system name resolutions
4- zone transfers
I think it's 4, but I'm trying to look for a good reference for why that would be the correct answer. Thanks.
03-25-03 06:50 PM
RussS
radical dood M

Registered: Sep 2002 Location: Hamilton Country: New Zealand (Aotearoa) State: Certifications: MCP W2K Pro & Server, A+, Net+, NZQA L3 Computing Working on: Security+, MCSA, Linux+
Total Posts: 955
I have a question my friend ...
Where are you getting these questions from? If it is from some kind of study reference it will be covered there.
__________________
Go hard or go home!
03-25-03 07:37 PM
Williamd000
Member M
Registered: Aug 2001 Location: USA Country: United States State: Certifications: MCP ( Windows 2000 Pro ) and Security+ Working on: CEH, CISSP, MCSA + Security
Total Posts: 55
Hi, it's not from a study guide. It's from a book I have, and I believe that they are wrong and I'm trying to get a reference on this question. Thanks.
03-25-03 07:41 PM
RussS
radical dood M

Registered: Sep 2002 Location: Hamilton Country: New Zealand (Aotearoa) State: Certifications: MCP W2K Pro & Server, A+, Net+, NZQA L3 Computing Working on: Security+, MCSA, Linux+
Total Posts: 955
'k
What is the book? I have read a few and find there is a lot of debate on some ideas. I think it possibly comes from that particular author having come across a particular attack that is not necessarily common.
I would go for 2 - reverse ARP requests.
__________________
Go hard or go home!
03-25-03 08:42 PM
117wik
Senior Member M
Registered: Oct 2002 Location: Country: New Zealand (Aotearoa) State: Certifications: MCSE, CCA, CCSE, CCNP, Linux+, Security+, NSA, Cisco Firewall Specialist, CEH, JNCIA-FWV, GCFW Working on: ...
Total Posts: 115
I will go for 4.
What's wrong with reverse ARP request?? I can understand why we shouldn't allow others to do zone transfer.
03-26-03 11:12 PM
RussS
radical dood M

Registered: Sep 2002 Location: Hamilton Country: New Zealand (Aotearoa) State: Certifications: MCP W2K Pro & Server, A+, Net+, NZQA L3 Computing Working on: Security+, MCSA, Linux+
Total Posts: 955
<< kicks self in butt !!
I was having a verbal when I replied and didn't realise I hadn't finished.
I would go for 2 Reverse ARP - Reverse ARPing is used when spoofing in many cases.
The zone transfers is a security thing, but in my opinion is not the answer for this question as we are dealing with DNS.
Type Reverse ARP into Google and you will find many hacker pages discussing this.
__________________
Go hard or go home!
03-27-03 12:43 AM
117wik
Senior Member M
Registered: Oct 2002 Location: Country: New Zealand (Aotearoa) State: Certifications: MCSE, CCA, CCSE, CCNP, Linux+, Security+, NSA, Cisco Firewall Specialist, CEH, JNCIA-FWV, GCFW Working on: ...
Total Posts: 115
That still doesn't convince me. From my understanding RARP is used to resolve a MAC back to IP. Normally the IP of a DNS server is already known anyway, so I don't see anything wrong with RARP request to a DNS.
If you allow an untrusted PC to do a DNS zone transfer then you will be giving out all sorts of info to others (e.g. name and IP of your file server etc.).
Am I right or wrong??
BTW I have only started reading books for Security+ for 2 days so maybe I don't know enough yet... :P
03-27-03 05:11 AM
RussS
radical dood M

Registered: Sep 2002 Location: Hamilton Country: New Zealand (Aotearoa) State: Certifications: MCP W2K Pro & Server, A+, Net+, NZQA L3 Computing Working on: Security+, MCSA, Linux+
Total Posts: 955
partially right - the answer does not say DNS zone transfer so it could just be a security zone.
As I said - if you search reverse ARP in Google you will learn heaps.
__________________
Go hard or go home!
03-27-03 10:56 AM
rlrouns
Member
Registered: Aug 2000 Location: Coral Springs Country: US State: Certifications: SANS GSEC, IBM Server Expert, CCNA, SANS Win2k Gold Standard, MCSE, Linux+, Security+ Working on: GCWN, CISSP
Total Posts: 235
03-27-03 12:55 PM
chodan
Senior Member M

Registered: Mar 2000 Location: Kentucky Country: United States State: Certifications: CCNA/CCNP CCDA /CCDP MCSE NT4/Win2000 MCP+I Network+ Security+ Working on: CCIE Routing & Switching
Total Posts: 1582
It's 4
You can definitely get into trouble without locking zone transfers into only trusted servers.
If you've ever dealt with BIND then you will definitely see the advantages of using Windows 2000 DNS for internet name resolution.
We made the switch last year (I did it mainly to make life easier for our more junior techs). When we did, I noticed that it is much easier to keep up with security updates with Windows 2000 than it is to keep up with the almost weekly cert_advisories of BIND buffer overflow vulnerabilities.
For DNS security and rock solid reliability in DNS it's hard to beat Windows 2000.
__________________
Check out my music at
www.chodan.com
Rural Development in Eastern Ky.
www.centertech.com
"It is our decisions that show us what we truly are in life, not our abilities."
04-10-03 12:53 AM
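
The restriction discussed in this thread (zone transfers only to trusted servers) can be checked offline against a BIND-style configuration. The following is an added example, not code from the thread or from any poster; the sample configuration, the zone names and the address 192.0.2.53 are constructed, and reporting a missing `allow-transfer` as UNSET for manual review is an assumption of this sketch.

```python
import re

# Constructed sample (not from the thread): a BIND-style named.conf fragment.
# 192.0.2.53 stands in for a trusted secondary name server.
SAMPLE_CONF = """
options { directory "/var/named"; };
zone "open.example"   { type master; file "open.db"; allow-transfer { any; }; };
zone "unset.example"  { type master; file "unset.db"; };  // no transfer policy
zone "locked.example" { type master; file "locked.db"; allow-transfer { 192.0.2.53; }; };
"""

def blocks(text, keyword):
    """Yield (name, body) for every `keyword ["name"] { ... }` block, matching braces."""
    for m in re.finditer(r'\b%s\b\s*(?:"([^"]*)")?\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def transfer_acl(body):
    """Return the allow-transfer entries as a list, or None if the option is absent."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    if m is None:
        return None
    return [t.strip() for t in m.group(1).split(";") if t.strip()]

def audit(conf):
    """Map each zone name to OPEN, UNSET or RESTRICTED."""
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)  # drop comments
    global_acl = next((transfer_acl(b) for _, b in blocks(conf, "options")), None)
    findings = {}
    for name, body in blocks(conf, "zone"):
        acl = transfer_acl(body)
        if acl is None:
            acl = global_acl          # zone inherits the options-level setting
        if acl is None:
            # Assumption: an unset policy is reported separately so it can be
            # reviewed by hand rather than trusting the server's built-in default.
            findings[name] = "UNSET"
        elif "any" in acl:
            findings[name] = "OPEN"   # any host may pull the whole zone
        else:
            findings[name] = "RESTRICTED"
    return findings

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_CONF).items():
        print(f"{zone:16} {status}")
```

The parser handles only the simple address lists shown; nested ACLs, `include` files and keyed transfers need a fuller reading of the configuration.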
ExamNotes forum archive