Administration
  Home arrow Administration arrow Page 3 - Webserver Security (Part I)
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
ADMINISTRATION

Webserver Security (Part I)
By: Kristian Kohntopp
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 2
    2000-04-19

    Table of Contents:
  • Webserver Security (Part I)
  • The server offers services it was not intended to
  • Dumping a zone using nslookup
  • Other Helpful Tools
  • rpcinfo query to www.example.server
  • Remote SNMP queries
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
     
    ADVERTISEMENT

    PCmover - $15 Off with Coupon Code CJPH7Q

    Webserver Security (Part I) - Dumping a zone using nslookup
    (Page 3 of 6 )

    To get a listing of all known hosts in a domain you could run nmap scan against the complete network containing the server of interest. Alternatively you could look into the DNS and see what the server operator has published about his domain.

    Using the example.server domain again: 
    # nslookup
< set type=ns
< www.example.server.
Server:  ns.provider.net
Address:  10.4.3.1
example.server
origin = ns.example.server
mail addr = postmaster.ns.example.server
serial = 2000032201
refresh = 10800 (3H)
retry   = 3600 (1H)
expire  = 604800 (1W)
minimum ttl = 86400 (1D)
< server ns.example.server
Default Server:  ns.example.server
Address:  192.168.129.37
< ls example.server.
[ns.example.server]
$ORIGIN example.server.
@                       1D IN A         192.168.240.131
wwwtest                 1D IN A         192.168.240.135
news                    1D IN A         192.168.240.136
localhost               1D IN A         127.0.0.1
listserv                1D IN A         192.168.240.136
...
igate                   1D IN A         192.168.129.34
    The "set type=ns" (Nameserver) command instructs nslookup to ask only for information about the nameserver of a domain. Our query for "www.example.server." will then return all nameservers for that host, in this case only a single server, "ns.example.server."

    We now use the command "server ns.example.server" to direct all further queries directly to that server. With "ls example.server." we ask that particular server for a complete listing of the zone "example.server". We receive a listing of all hostnames and ip numbers published by the operator of example.server.

    A better-configured BIND8 allows us to limit zone transfers to known secondary name servers. "ls" commands from arbitrary hosts will be blocked and logged. If a domain has multiple nameservers it is often worthwile to try all of them: While the primary server is often secured, the secondaries are not and will happily list the zone for you.

    Security conscious network operators run their internal DNS from a different server than their Internet setup. There is no need to tell the world which machines are running in your offices and how they are named. It is completely sufficient to publish the names and addresses of your production machines.

    Next: Other Helpful Tools >>
     

    More Administration Articles
    More By Kristian Kohntopp


     
    >>> Be the FIRST to comment on this article!

       

    ADMINISTRATION ARTICLES

    - Configuring Load-Balanced Clusters
    - Load-Balanced Clusters
    - UNIX Time Format Demystified
    - Making Changes in the CVS
    - Building Your First CVS Repository
    - CVS Quickstart Guide
    - Authorizing Users in Samba
    - Handling User Accounts in Samba
    - Authentication in Samba
    - Accounts, Authentication, and Authorization
    - Advanced Concepts on Dealing with Files and ...
    - Dealing with Files and Filesystems
    - More Hacks for the User Environment in BSD
    - Personalizing the User Environment in BSD
    - Customizing the User Environment in BSD
    Find More Administration Articles
     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway