DNS Zone Transfer Query

Severity: Low

This attack poses a minor threat. Corrective action may not be possible or is not required.

Description

This signature detects a zone transfer request made to a DNS server.

Additional Information

A Zone Transfer request to a DNS server returns a complete list of hostnames and IP addresses in the domain. Ordinarily, zone transfers should only occur between authoritative DNS servers for a domain. Attackers may query DNS servers to compile a list of possible hosts to attack. This signature detects attempted zone transfers from sources other than DNS servers.

Affected

  • Any DNS Server

Response

Information on how to block malicious zone transfers can be found at the following location:
SANS: DNS Security

Possible False Positives

This signature may not indicate malicious intent if the querying machine is a host known to the administrator. Users who are running DNS lookup programs such as 'nslookup' or 'dig' may trigger this signature during normal network operations.