Re: DNS Injection Problem

From: Danny (dannyat_private)
Date: Mon May 05 2003 - 17:30:44 PDT


    On Monday, May 5, 2003, at 01:11  PM, Blade Runner wrote:
    >
    > OS: Slackware 8.1  kernel 2.4.20
    >
    > DNS Server: bind 9.2.2  # I am focusing my attention here, looking for 
    > bugs.
    
    Do you have bind interacting with a Windows Active Directory setup 
    which allows clients to update / modify DNS in bind?
    
    > Web Server: apache 1.3.27 + php-4.3.1 + SquirrelMail 1.4.0
    
    SquirrelMail has had quite a number of security problems in the past. 
    Have you kept on top of the patches and updates for it in the past?
    
    >
    > Proftpd 1.2.8 # no root or anonymous connections
    >
    > Here it goes a scanner showing my open ports.
    >
    > Port       State       Service
    > 21/tcp     open        ftp
    > 23/tcp     open        telnet
    > 25/tcp     open        smtp
    > 53/tcp     open        domain
    > 80/tcp     open        http
    > 110/tcp    open        pop-3
    > 113/tcp    open        auth
    > 143/tcp    open        imap2
    >
    
    Is this a *full* port scan using -p 1-65535 / -p- or simply nmap's 
    default scan?
    
    >
    >
    > In this server we do not allow telnet/rsh or any shell connection.
    >
    > Since I am a newbie, I would appreciate some advice and tips.
    
    Er, you say that you do not allow any telnet access to this server but 
    you are running the telnet service; that's probably not a good idea. If 
    you meant you don't allow any clients remote access to the server, I'd 
    suggest ditching telnet and using [Open]SSH... If *no one* has remote 
    access to this server then you should disable the telnet service.
    
    >
    > Thanks a lot and sorry about my poor English
    >
    >
    >
    
    Danny
    Network Security Engineer
    
    
    



    This archive was generated by hypermail 2b30 : Mon May 05 2003 - 17:34:00 PDT