
DNS traceroute and Scan ports

August 10, 2005, 17:55

First Part: DNS traceroute

On the Internet, hackers always want to find more information about a target machine, such as its IP address and domain name, so DNS becomes the first thing hackers want to attack.

In the Linux world the best DNS server is BIND, which is developed and maintained by the Internet Software Consortium, which also maintains the DHCP and INN projects. BIND 4.0 is the most stable, BIND 8.0 was released later, and BIND 9.0 is the latest release. Note: keeping BIND at the latest release is beneficial for security.

There are three common tools for working with DNS information: nslookup, dig and host.

# nslookup

nslookup queries Internet name servers interactively. Note: nslookup is deprecated and may be removed from future releases; consider using the "dig" or "host" programs instead. The IP address of the DNS server can be found in /etc/resolv.conf, for example:

# cat /etc/resolv.conf
 nameserver 202.96.143.133

DNS lookup utility. The DNS standard contains the following items:
SOA: includes the administrator's email address and update information
A: IP address of the host
CNAME: alias name of the host
PTR: mapping from IP address to host
HINFO: the architecture and operating system of the host
TXT: additional description
RP: the responsible person's email address

 
# host -t txt www.example.com
# host -t '*' www.example.com

A reverse lookup is done with the following command:

# host 202.112.20.133
sea.whnet.edu.cn
 

The DNS standard should be highly secure, but it is weak at present. Hackers invade the DNS server and have a spoofing program answer the user's request before the real IP resolution result sent by DNS arrives; the hackers can then control the user's system. To make DNS stronger, DNSSEC was developed.

The location of a host is useful: if hackers want to start a DoS attack from invaded hosts, it seems more effective to launch it from invaded machines that are near the target host. Traceroute is used to detect the hosts passed on the way from the local host to the target host.

# traceroute

Second Part: Scan ports

# nmap

nmap is used to detect which ports of a remote host are open. Issuing the following command reports the operating system of the remote host:

# nmap -O remote-host
# nmap -P0 remote-host  (the 0 in -P0 is the digit zero; forces the scan)

How can an nmap scan be prevented? /etc/issue records information including the operating system and kernel release. We can change that information or comment out those lines so that a hacker learns less about our system. In some cases /etc/issue is modified by other processes or by the operating system after a reboot; the following command protects it:

# chattr +i /etc/issue

As with /etc/issue, the file located at "/etc/mail/sendmail.cf" should be checked, too.
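
The banner checks described above can be scripted; the following is an added example, not code from the original post. It assumes getty expands the \s, \r, \v and \m escapes in /etc/issue and that the sendmail greeting is set through the SmtpGreetingMessage option; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit banner files for OS and
# version disclosure. The live paths checked are the two named in the post.

# audit_issue FILE -> 0 clean, 1 leaks. Flags literal OS/kernel wording and the
# getty escapes that expand to it: \s OS name, \r release, \v version, \m arch.
audit_issue() {
    if grep -Eiq '\\[srvm]|kernel|linux|release [0-9]' "$1"; then return 1; fi
    return 0
}

# audit_sendmail_cf FILE -> 0 clean, 1 greeting shows $v (sendmail version) or
# $Z (config version), 2 option not set, so the built-in greeting is in use.
audit_sendmail_cf() {
    line=$(grep -E '^O[[:space:]]+SmtpGreetingMessage=' "$1") || return 2
    case "$line" in
        *'$v'*|*'$Z'*) return 1 ;;
    esac
    return 0
}

# is_immutable FILE -> 0 if the 'i' attribute set by "chattr +i" is present.
is_immutable() {
    flags=$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1)
    case "$flags" in *i*) return 0 ;; esac
    return 1
}

# Constructed samples: a stock-style banner pair and a hardened pair.
make_samples() {
    printf 'Red Hat Linux release 9\nKernel \\r on an \\m\n' > "$1/issue.leaky"
    printf 'Authorized use only.\n' > "$1/issue.clean"
    printf 'O SmtpGreetingMessage=$j Sendmail $v/$Z; $b\n' > "$1/cf.leaky"
    printf '#O SmtpGreetingMessage=$j Sendmail $v/$Z; $b\nO SmtpGreetingMessage=$j ESMTP\n' > "$1/cf.clean"
}

# Report on the live files when they exist and are readable.
for f in /etc/issue /etc/mail/sendmail.cf; do
    [ -r "$f" ] || continue
    case "$f" in
        *.cf) if audit_sendmail_cf "$f"; then s=ok; else s=review; fi ;;
        *)    if audit_issue "$f"; then s=ok; else s=review; fi
              if is_immutable "$f"; then s="$s, immutable"; else s="$s, not immutable"; fi ;;
    esac
    echo "$f: $s"
done
```

These files control banner text only; nmap -O fingerprints the TCP/IP stack, which editing them does not change.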
