Read on pen-test:
http://tripp.dynalias.org/
http://www.imperva.com/application_defense_center/tools.asp
http://www.int0x21.com/
http://jacquelin.potier.free.fr/networkstuff/
Tuesday, May 30, 2006
Proxy utilities for TCP/UDP.
Tuesday, May 16, 2006
Bind 8 - Bind 9
Another interesting thing I came across today is fingerprinting in bind9:
The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
chaos record called "authors". So now even if an admin changes or
suppresses their version reply string, a remote user can still determine
whether the server is running BIND 9.x. With the recent discovery of the
tsig bug in BIND there will probably be a huge rise in version
queries. Some attackers may remove ambiguity by skipping servers that
reply to authors.bind (inferring that it's bind 9.1.0 and not vulnerable).
% dig @ns.example.com authors.bind chaos txt
or
% nslookup -q=txt -class=CHAOS authors.bind. ns.example.com
Server: ns.example.com
Address: 23.23.23.23
authors.bind text = "Bob Halley"
authors.bind text = "Mark Andrews"
authors.bind text = "James Brister"
authors.bind text = "Michael Graff"
authors.bind text = "David Lawrence"
authors.bind text = "Michael Sawyer"
authors.bind text = "Brian Wellington"
authors.bind text = "Andreas Gustafsson"
The following Snort signature will detect these probes:
alert UDP $EXTERNAL any -> $INTERNAL 53 (msg: "IDS480/named-probe-authors";
content: "|07|authors|04|bind"; depth: 32; offset: 12; nocase;)
http://whitehats.com/info/IDS480
Max
http://archives.neohapsis.com/archives/bugtraq/2001-01/0491.html
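An added example, not part of the quoted post or of Snort: the same detection done by parsing the DNS question instead of matching bytes at a fixed offset, so that it also checks the query class and type, which the content match above does not. The function names and the sample packets are constructed for illustration, and including version.bind next to authors.bind is an assumption about what a sensor would want to watch.

```python
import struct

CLASS_CHAOS, TYPE_TXT = 3, 16
# authors.bind comes from the post; version.bind is added here as an assumption.
PROBE_NAMES = {"authors.bind", "version.bind"}

def parse_question(payload: bytes):
    """Return (qname, qtype, qclass) of the first question, or None if not a well-formed query."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:        # QR bit set means a response
        return None
    labels, pos = [], 12                     # question starts after the 12-byte header
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:                      # root label ends the name
            break
        if length > 63 or pos + length > len(payload):   # pointer or truncated label
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels).lower(), qtype, qclass       # lower() mirrors "nocase"

def is_bind_probe(payload: bytes) -> bool:
    """True for a CHAOS-class TXT query for one of the BIND fingerprint names."""
    q = parse_question(payload)
    return q is not None and q[0] in PROBE_NAMES and q[1] == TYPE_TXT and q[2] == CLASS_CHAOS

def build_query(name: str, qtype: int, qclass: int, flags: int = 0x0100) -> bytes:
    """Build a constructed sample DNS query payload (UDP data only) for testing."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

if __name__ == "__main__":
    samples = {                              # constructed packets, not captured traffic
        "CHAOS TXT authors.bind": build_query("authors.bind", TYPE_TXT, CLASS_CHAOS),
        "CHAOS TXT AUTHORS.BIND": build_query("AUTHORS.BIND", TYPE_TXT, CLASS_CHAOS),
        "IN TXT authors.bind": build_query("authors.bind", TYPE_TXT, 1),
        "IN A www.example.com": build_query("www.example.com", 1, 1),
    }
    for label, pkt in samples.items():
        print(f"{label:26} probe={is_bind_probe(pkt)}")
```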
