nessus scan reveals vulnerability on port domain (53/tcp)

nessus scan reveals vulnerability on port domain (53/tcp)

Post by Kevin Darc » Wed, 31 Jan 2001 09:09:47



allow-recursion { localnets; };

allow-recursion { 10/8; };

You can, of course, associate names with arbitrary addresses, address ranges
and/or address prefixes. For instance, on some of my firewalls I have

allow-recursion { extranet; };

where "extranet" is an "acl" I define myself (as opposed to the built-in "acl"s
like "localnets").

By the way, you should upgrade to at least BIND 8.2.3 because of the security
vulnerability that was just fixed.

- Kevin


> Hello, below is a nessus generated scan which suggests that I "Restrict
> recursive queries to the hosts that should use this nameserver (such as
> those of the LAN connected to it).  If you are using bind 8, you can do this
> by using the instruction 'allow-recursion' in the 'options' section of your
> named.conf

> I tried at least 3 ways of adding that - all of which errored on restart.
> Does anyone have a working example?   Thanks. <By the way I upgraded the
> version already to the reccomended upgrade version>

> Vulnerability found on port domain (53/tcp)

>   The remote BIND server, according to its
>   version number, is vulnerable to the ZXFR
>   bug that allows an attacker to disable it
>   remotely.

>   Solution : upgrade to bind 8.2.2-P7
>   Risk factor : High

> [ back to the list of ports ]
> Warning found on port domain (53/tcp)

>   The remote name server allows recursive queries to be performed
>   by the host running nessusd.

>   If this is your internal nameserver, then forget this warning.

>   <This was a remote scan to my nameserver>

>   If you are probing a remote nameserver, then it allows anyone
>   to use it to resolve third parties names (such as www.nessus.org).
>   This allows hackers to do cache poisoning attacks against this
>   nameserver.

>   Solution : Restrict recursive queries to the hosts that should
>   use this nameserver (such as those of the LAN connected to it).
>   If you are using bind 8, you can do this by using the instruction
>   'allow-recursion' in the 'options' section of your named.conf

>   If you are using another name server, consult its documentation.

>   Risk factor : Serious

> Information found on port domain (53/tcp)

>   The remote bind version is : 8.2.2-P5

>   < I did upgrade this >

 
 
 

1. nessus scan reveals vulnerability on port domain (53/tcp)

Hello, below is a nessus generated scan which suggests that I "Restrict
recursive queries to the hosts that should use this nameserver (such as
those of the LAN connected to it).  If you are using bind 8, you can do this
by using the instruction 'allow-recursion' in the 'options' section of your
named.conf

I tried at least 3 ways of adding that - all of which errored on restart.
Does anyone have a working example?   Thanks. <By the way I upgraded the
version already to the reccomended upgrade version>

Vulnerability found on port domain (53/tcp)

  The remote BIND server, according to its
  version number, is vulnerable to the ZXFR
  bug that allows an attacker to disable it
  remotely.

  Solution : upgrade to bind 8.2.2-P7
  Risk factor : High

[ back to the list of ports ]
Warning found on port domain (53/tcp)

  The remote name server allows recursive queries to be performed
  by the host running nessusd.

  If this is your internal nameserver, then forget this warning.

  <This was a remote scan to my nameserver>

  If you are probing a remote nameserver, then it allows anyone
  to use it to resolve third parties names (such as www.nessus.org).
  This allows hackers to do cache poisoning attacks against this
  nameserver.

  Solution : Restrict recursive queries to the hosts that should
  use this nameserver (such as those of the LAN connected to it).
  If you are using bind 8, you can do this by using the instruction
  'allow-recursion' in the 'options' section of your named.conf

  If you are using another name server, consult its documentation.

  Risk factor : Serious

Information found on port domain (53/tcp)

  The remote bind version is : 8.2.2-P5

  < I did upgrade this >

2. Spring models

3. port 53 Questions (port Scans)

4. Speech in E.T.

5. Port Scan revealed 11000 port open

6. Win98 client can't connect as guest

7. firewall config....what to open....tcp or udp port 53?

8. Use of TCP port 53 for queries?

9. How to keep BIND from listening on port 53/tcp

10. How common is blocking tcp port 53 to prevent unauthorized zone transfers?

11. NIC - why should they care about TCP access to port 53???

12. Sample code to connect to TCP port 53?