Sunday, February 7, 2010
Google aims to speed up DNS requests
Google and Neustar UltraDNS have proposed an extension to try to build some geographic awareness into the Domain Name System.
The proposed extension, called Client IP information in DNS requests, would send along the first three quarters of a user’s IP address along with a DNS request. The last quarter would be cut off to preserve some privacy, but the first part should be enough to geographically target the answer in some cases, Google said in a blog post on Wednesday.
As designed, it would, for example, return the address for Google’s Dutch server, not Google’s California server, to a user in the Netherlands who needs to reach it.
For more on this story, see Google proposes geo-smart Internet speedup on CNET News.
Wednesday, December 16, 2009
BackTrack 4 - DNS 1
Okay, so I've finished a week of studying, passed the exam today and now I have had a few minutes to get to grips with one or two of the DNS tools on the BT4 CD. I'm gonna start off easy and look at a couple of my favorite DNS tools and then move on to some that I'm not too familiar with. I decided to start with DNS because that's usually where things start for me, well that and Google, but let's leave that for now.
Fierce
I was glad to see that Fierce is still in BT. Fierce is one of my favorite DNS tools and I have blogged about it in the past. It always gets the job done and underneath its simple exterior it's doing quite a lot (maybe RSnake worked for Apple once).
Fierce starts off by using your DNS to get the target's DNS and then hops on over to that DNS to do its work. All pretty cool stuff eh. Fierce will try to dump the DNS (although it is unlikely this will work) and then it will start to use its name list (hosts.txt) to guess the names of hosts out there. Although it's not a bad wordlist, I suggest you add to it as you come across anything in your travels. For anything Fierce guesses correctly, it will perform reverse lookups of a few of the addresses around the correctly guessed one (also configurable), or with -wide it will scan the whole class C subnet of any host it finds. Noisy but effective.
The command I used to scan insecure.org with 10 threads and scanning the class C of any found IPs was:
./fierce.pl -wide -threads 10 insecure.org

DNSRecon
Although this found me some good results, what I also wanted to do was look in between those IPs in the reverse lookup. Because if the target has a block of IPs and nested somewhere in the middle of them is a host on another domain, then that's interesting. For this task I used Dark Operator's DNSRecon Ruby script.
An example of running the script against one of the subnets that Fierce located gave up some interesting (but very obvious) results:
ruby dnsrecon.rb -r 64.13.134.1 64.13.134.254

Surprise surprise nmap.org!
Well there's plenty more to go, I just wanted to make a start on this set of posts.
Happy hunting!
Saturday, December 12, 2009
DNS Discovery With Fierce Domain Scan
This is just a quick post about some fun I had recently with Fierce Domain Scanner. I always find it amusing when I hear people say that they think naming a Server something other than www will afford them some protection. I always assume if it's out there then people know about it, no matter what you call it.
Using Fierce Domain Scanner from the Backtrack Distro I was able to point it at a domain and query DNS for available hosts. Using the command line below it turned up some interesting results:
perl fierce.pl -dns boots.com


When run, Fierce will contact my DNS server to get the target's name servers and then use them to first attempt to get the SOA records (which will likely fail these days) and then it will use the hosts.txt file to guess names. The reason it switches to using the target's DNS is that it assumes there is a chance that the internal DNS and the external DNS are on the same box, so here there's a chance of getting some internal names.
This scan uses the hosts.txt file in the same directory as the perl script to bruteforce DNS names and discover live hosts. The hosts.txt file can be updated manually or you can point Fierce to an alternative one.
Once a name is found it will scan up and down that range (5 addresses by default but this can be changed) looking for hosts with the same domain name. Now if this is a pentest and earlier reconnaissance has uncovered other associated domains that are in the scope of the test, Fierce can be told to look out for hosts with those domain names (use the -search option).
This tool is great to run against your own domain to see if there's anything there that shouldn't be.
Please remember, this is Fierce at its most basic. More information can be found here at the creator, RSnake's site.
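Seen from the defending side, the wordlist guessing and neighbouring reverse lookups described in these posts leave a recognisable trail in an authoritative server's query log. The sketch below is an added example, not part of the original posts or of Fierce; the log line format, the thresholds and the names build_sample, max_distinct_in_window and detect are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: epoch client_ip qtype qname rcode."""
    lines = ["1260950400 198.51.100.20 A www.example.com NOERROR",
             "1260950405 198.51.100.20 A wwww.example.com NXDOMAIN",
             "1260950410 198.51.100.20 PTR 10.2.0.192.in-addr.arpa NOERROR"]
    guesses = ["admin", "backup", "dev", "ftp", "intranet", "mail", "vpn", "www"]
    for i, label in enumerate(guesses):        # wordlist-style guessing
        rcode = "NOERROR" if label in ("mail", "www") else "NXDOMAIN"
        lines.append(f"{1260950420 + i} 203.0.113.7 A {label}.example.com {rcode}")
    for host in range(1, 21):                  # neighbours of a found address
        lines.append(f"{1260950430 + host} 203.0.113.7 PTR "
                     f"{host}.2.0.192.in-addr.arpa NOERROR")
    return lines

def max_distinct_in_window(hits, window):
    """Largest number of distinct values seen inside any `window` seconds."""
    hits, best, start = sorted(hits), 0, 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:
            start += 1
        best = max(best, len({value for _, value in hits[start:end + 1]}))
    return best

def detect(lines, zone, window=60, nx_threshold=5, ptr_threshold=16):
    nx = defaultdict(list)    # client -> (ts, qname) answered NXDOMAIN in zone
    ptr = defaultdict(list)   # (client, /24) -> (ts, last octet) PTR queries
    for line in lines:
        ts, client, qtype, qname, rcode = line.split()
        qname = qname.lower().rstrip(".")
        if qtype == "PTR" and qname.endswith(".in-addr.arpa"):
            octets = qname[:-len(".in-addr.arpa")].split(".")
            if len(octets) == 4 and all(o.isdigit() for o in octets):
                d, c, b, a = octets            # reversed order in the PTR name
                ptr[(client, f"{a}.{b}.{c}.0/24")].append((int(ts), int(d)))
        elif rcode == "NXDOMAIN" and qname.endswith("." + zone):
            nx[client].append((int(ts), qname))
    alerts = [("name-guessing", client, zone) for client, hits in nx.items()
              if max_distinct_in_window(hits, window) >= nx_threshold]
    alerts += [("reverse-sweep", client, net) for (client, net), hits in ptr.items()
               if max_distinct_in_window(hits, window) >= ptr_threshold]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(build_sample(), "example.com"):
        print(alert)
```

The reverse-sweep rule only sees queries if you run, or receive logs from, the server that is authoritative for the reverse zone of your address block.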