DNS honors zone transfer requests (DNS zone transfer)

About this signature or vulnerability

BlackICE: http://www.networkice.com/advice/Intrusions/2000401

Default risk level

Medium risk vulnerability

Sensors that have this signature

BlackICE: 1.0

Systems affected

IBM AIX, WindRiver BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, Novell NetWare, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Cisco IOS, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server

Type

Pre-attack Probe

Vulnerability description

Zone transfers contain lists that identify every computer registered with the DNS (Domain Name System) server. This information could be useful to an attacker in performing an attack.

If the source port of the DNS zone transfer request is a privileged port number (below 1024), it could indicate that another DNS server has made the request.
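As an added defender-side example (not part of this ISS/BlackICE entry), the following Python parses the question section of a DNS query, flags AXFR (zone transfer, QTYPE 252) requests, and applies the privileged-source-port heuristic described above. It assumes the raw DNS message is passed without the 2-byte TCP length prefix; the sample query it builds is constructed input.

```python
import struct

QTYPE_AXFR = 252  # question type carried by a zone transfer request


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (header + one question) as constructed sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_question(payload: bytes):
    """Return (qname, qtype) from the first question of a DNS message (no TCP length prefix)."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated qname")
        length = payload[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:  # compression pointers do not belong in a query name
            raise ValueError("unexpected label compression in question")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 2 > len(payload):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", payload[pos:pos + 2])[0]
    return ".".join(labels), qtype


def classify_zone_transfer(src_port: int, payload: bytes) -> dict:
    """Flag AXFR requests; a privileged source port (< 1024) suggests a peer DNS server."""
    zone, qtype = parse_question(payload)
    is_axfr = qtype == QTYPE_AXFR
    return {
        "zone": zone,
        "is_axfr": is_axfr,
        "likely_peer_server": is_axfr and src_port < 1024,
    }


if __name__ == "__main__":
    sample = build_query("example.com", QTYPE_AXFR)
    print(classify_zone_transfer(40123, sample))  # AXFR from an unprivileged port
```

The source-port heuristic is only a hint: the sensor still cannot tell a legitimate secondary from a probe, which is why the mitigation below restricts transfers on the server itself.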

How to remove this vulnerability

If your DNS server should not be participating in zone transfers, configure it to refuse zone transfer requests (or to accept them only from your own secondary servers). Refer to your DNS server's documentation for details.

References

ISS X-Force
DNS honors zone transfer requests
http://www.iss.net/security_center/static/212.php

CVE
CVE-1999-0532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0532