WARNING ABOUT DNS RESOLVE IN NESSUS AND VERISIGN DNS CHANGES
Michel Arboi
mikhail at nessus.org
Wed Sep 17 17:10:11 EDT 2003
<scheidell at secnap.net> writes:
> You put some ip addresses in nessus, you select 'do reverse dns'.
I don't think there is a problem here.
However if you mispell a FDHN, for example www.secnp.net instead of
www.secnap.net, you'll test their machine instead of your web server.
You might leak out password (HTTP, FTP SMB...). You might also kill
their machine, but I don't think this is a real legal threat.
<note to kiddies>
If you really want to knock out Verisign server, I don't guarantee
that the judge will believe in the "typo" story
</note>
--
arboi at alussinan.org http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
More information about the Nessus
mailing list