DNS Issue

Recently, I attended HITB Conference here in Malaysia and found one of the section was very interesting. The titile is “Pushing the Camel Through the Eye of a Needle” by Charl van der Walt from Sensepost. I noticed that one of the tool used by him is dns2tcp which allow us to relay TCP connections through DNS traffic. I found it quite interesting, so I decided to test it.

While I was doing the testing, I came across an article quoting that one in four public DNS is still insecure and vulnerable to Kaminsky flaw. Even though DNS is consider one of the key foundation of today Internet, a lot of people still take it very lightly. Since DNS can cause many types of attacks and issues to the Internet, I decided to spend some time to explain in the next few posts about what DNS is and how exactly the DNS flaw can affect everyone.

For a start, the diagram showing on the right is how domain name arranged in a tree.

Gooscan… Goo scanning???

I read a post about this Gooscan this morning. My first impression for this tool is basically should be something to do with Google. And further reading proved my point.

So what exactly is Gooscan…?  Mm… how about Google Scan..? Will it be better?

Basically, it is an automated query tool against Google search appliance. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner” that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.

But before we go into this tool and just launch the button, you may want to take a closer look on this: From Google ToS - “You may not send automated queries of any sort to Google’s system without express permission in advance from Google.”

This means that you should not use this tool to query Google without advance express permission. Google appliances, however, do not have these limitations. You should, however, obtain advance express permission from the owner or maintainer of the Google appliance before searching it with
any automated tool for various legal and moral reasons.

Of course, the author wrote this tool not to violate Google’s terms of service (ToS), but to raise the awareness of the web security community that a ToS may not discourage the bad guys from writing and running a tool like this for malicious purposes. To that end, only use this tool to query ‘appliances’ unless you are prepared to face the (as yet unquantified) wrath of Google.

So, use the tool with care please..

Here you go - Gooscan V1.0

• Search for:

• Recent Posts

  • DNS Issue
  • Gooscan… Goo scanning???
  • Hack In The Box Security Conference 2008
  • Job Scope
  • Hello Security World!

• Categories

  • Conference
  • DNS
  • Miscellaneous
  • Security Tools

• Archives

  • November 2008
  • August 2008

• Tags

  black hat capture the flag Conference CTF DNS dns2tcp DNS flaw Domain Name System Google Google Search Appliance hack in the box HITB internet security knowledge IT security job scope Kaminsky Kaminsky flaw network security search Search Engines Security security conference security issue Web server

Copyright © 2007 Paranoid About Security • Using Dropshadow theme by Brian Gardner