running tools against companies?

mrbinary

i have the book

ALL IN ONE
CEH Certified
Ethical Hacker
EXAM GUIDE
Matt Walker

in certain chapters he gives examples on how to use tools like nslookup to find out dns info, can you use these tools/cammands for learning purposes on sites like microsoft.com or is that illegal.

i tried to pull zone transfer using SOA listed in dnsstuff and it returned invalid response because the site is obvisoually secure and blocked.??

thanksk

impelse

Running tools like nslookup is the same when you open Google (in that moment your computer check for the www record in the dns server), it is different when you try to get the zone transfer or scan a network, in that moment you are going to gray to black area.

Some companies will hit you hard because you scan them and in other situation you are causing DoS just for the type of scan,

So it is better to build your own virtual machines and do the scan you want, dns check, etc,etc.

It is not difficult,

mrbinary

thanks impelse will keep that in mind. i can create a vm i guess? now is that the same as spinning up a vm i heard that alot what does that mean?

also is the answer to question below a, i swear it is, but book says b. thanks.

---

An SOA record gathered from a zone transfer is shown here:
@ IN SOA DNSRV1.anycomp.com. postmaster.anycomp.com. (
4 ; serial number
3600 ; refresh [1h]
600 ; retry [10m]
86400 ; expire [1d]
3600 ) ; min TTL [1h]
What is the name of the authoritative DNS server for the domain, and how
often will secondary servers check in for updates?
A. DNSRV1.anycomp.com, 3600 seconds
B. DNSRV1.anycomp.com, 600 seconds
C. DNSRV1.anycomp.com, 4 seconds
D. postmaster.anycomp.com, 600 seconds

mrbinary

i was trying to do a dns zone transfer using nslookup on a local isp, can i get into trouble for that? i didn't realize till after i attempted it, even though it failed due to security on their end. but if they monitoring port 53 and see activity would that raise alarm bells?

i a in Canada don't even know if its possible to get into trouble, but it was something i was following out of the book . where can i run these next time i need to without problems, i don't have a home network ?

thanks.

Master Of Puppets

Build a home lab using virtual machines. There are a lot of vulnerable VMs for free on the internet. Get virtialbox and let the fun begin! However, you are going to need better hardware if you want to create a decent lab.

NovaHax

In most countries, including the United States, it IS ILLEGAL to attempt unauthorized zone transfers. But will you get in trouble??? Probably not (assuming you don't proceed beyond that point). A company that is not security-conscious enough to lock down zone-transfers is probably not going to detect you performing one. And a company that does prevent you will just dismiss your failed attempt as a success on their end.

Regardless...good rule of thumb:
When in doubt...keep it in a lab, or on a network you've been authorized to tackle!!!

paul78

NovaHax wrote: »

including the United States, it IS ILLEGAL to attempt unauthorized zone transfers.

Isn't that a bit of a stretch, just because one judge in the backwoods of North Dakota ruled it illegal doesn't mean that's true in other states. I would have to check at the federal level but in the past, the federal government's view (at least the FBI when I last checked) considered activities like port-scaning and retrieval of public information as analogous to walking up to a house and ringing the doorbell.

Regardless - @OP - there are certainly some gray areas. You are better off doing your lab work on your own servers.

sckalath

There are plenty of vulnerable targets out there from systems to web apps. This list is a pretty good start: http://www.amanhardikar.com/mindmaps/Practice.html

I prever OverTheWire's Wargames: OverTheWire - Wargames

impelse

I like that link you shared sckalath.

NovaHax

paul78 wrote: »

Isn't that a bit of a stretch...the federal government's view (at least the FBI when I last checked) considered activities like port-scaning and retrieval of public information as analogous to walking up to a house and ringing the doorbell.

The OP asked about performed a DNS zone-transfer. There is a big difference between port scanning (which essentially performs the same packet level actions that are performed whenever you establish a TCP connection) and performing an unauthorized zone-transfer.

NovaHax

sckalath wrote: »

There are plenty of vulnerable targets out there from systems to web apps. This list is a pretty good start: http://www.amanhardikar.com/mindmaps/Practice.html

I prever OverTheWire's Wargames: OverTheWire - Wargames

Great resource!!! SANS used this for one of their posters.

YFZblu

Regarding your "visibility" when performing such actions: in the organization I work for, any DNS requests from the internet over TCP will be brought to the attention of security operations in the form of an IDS alert for a zone transfer request. I have no idea how an ISP would view this, or if they care. My point is you may definitely have the spotlight shined on you after attempting such things.

Today alone I've learned you run Wireshark at work without permission and perform zone transfer attempts without permission. For aspiring security professionals, curiosity can be a very good thing; that being said, irresponsible curiosity will get you busted.

JDMurray

ISPs care about the traffic they route only if it's affecting their operational performance, or they are required to care because of government regulations, or because of a "security letter" forcing them to log and report on specific traffic. Also, ISPs rarely respond to IP abuse emails because that would imply an ISP is accepting legal responsibility for what its customers are doing with the IPs the ISP is leasing to them.

Always remember the first rule of hacking: Never hack from home.

paul78

NovaHax wrote: »

The OP asked about performed a DNS zone-transfer. There is a big difference between port scanning (which essentially performs the same packet level actions that are performed whenever you establish a TCP connection) and performing an unauthorized zone-transfer.

I was responding to the topic of zone-transfers. I'm actually quite interested in the topic of cyber-activities which may be considered illegal and the case-law that reflects it. To my knowledge, there is only one state in the US that has every prosecuted for a DNS zone-transfer. A private entity can deem many things as unauthorized but that is generally covered by civil law and not criminal law. If you are aware of any state statutes or federal law that takes a broad view of activities such as DNS zone-transfer, can you please provide a link to that law or court-case? I remember reading the court-case in North Dakota regarding DNS zone-transfer and I thought it was a bit of a stretch. I don't recall ever seeing much in existing Cyberlaw that a prosecutor could claim was a criminal offense. I actually think this is a great topic. And JD's comments are usually the approach that I would expect where most organizations would attempt to avoid both reputational risk from admitting to a zone transfer or assume liability for monitoring such as ISP's.