+++ Dayalan Manohar [linux-india] <30/01/02 16:53 +0530>:
> 202.54.1.30 (dns.vsnl.net.in) which is authoritative for many domains
> seems to be open to AXFR.
And is running an ancient version of bind to boot ...
> This is a bad thing I assume (or is it OK if you are an ISP).Is it bad
> only because it discloses information unnecessarily or are there other
> security implications?
Well, the guy who axfrs the zone later finds a nice lot of IPs to portscan.
That, plus AXFR really chews up your bandwidth, as does allowing recursive
queries so that any tom, dick and harry can put your nameserver IPs in his
resolv.conf and use your dns server to resolve sites and surf the net.
-srs
--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
[Linux One Stanza Tip] From : <[EMAIL PROTECTED]>
LOST #195 -**< Sub : Find the spelling of a word >**-
Forget how to spell a word or a variation of a word ? Use:
$look portion_of_word_you_know
[Note : the file /usr/dict/words should be in place]
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
