DNS traceroute and Scan ports
First Part: DNS traceroute
In the internet,hackers always want to find more informations about target machine,such as IP address and domain name.So DNS becomes the target hackes want to attack first.
The best DNS server is BIND in the Linux world, are developed and maintained by Internet Software Consortium who also do the same thing in DHCP and INN projects.BIND 4.0 is the stablest, BIND8.0 is released later,and BIND 9.0 is the latest release. Note: keep the BIND release to the latest will be benifit for higher security.
There are three common tools working on DNS information:nslookup,dig,host.
# nslookup
Query Internet name servers interactively.Note:nslookup is deprecated and may be removed from future releases.Consider using the “dig” or “host” programs instead.We could get the DNS server IP in the /etc/resolv.conf,for example:
# cat /etc/resolve.conf nameserver 202.96.143.133
DNS lookup utility.DNS criterion contains the following items:
SOA: include the email of Administrotor and updating information.
A: IP of local host
CNAME: alies name of local host
PTR: mapping from IP to host
HINFO: the structure and operating system of host
TXT: Additional descritption
RP: the master’s email address
# host -t txt www.example.com # host -t '*' www.expample.com
Reverse resolving by issuing the following command:
# host 202.112.20.133 sea.whnet.edu.cn
DNS criteron should be in high security mode but they are so weak now.Hackers invades the DNS server,and response the cheaping program to the user’s request before the really IP resolving result sent by DNS,then hackers could control the user’s system.To make DNS more stronger,DNSSEC was developed.
The location of host is useful,if hackers want to start Dos attacking from invaded hosts,it seems more effective from those machines invaded which is near the target host.Traceroute are used for detecting hosts passed from localhost to target host.
#traceroute
Second Part: Scan ports
# nmap
nmap is used to detect which port of remote host is opened.and issue the following command could get the operating system of remote host:
# nmap -O remote-host # nmap -P0(number zero) remote-host (forcing scan mode)
How to prevent nmap scan? /etc/issue records those information including operating system and kernel release.we could change the information or recommend those lines in order to do not let the hacker know more about our system.In some case,/etc/issue would be modified by other processes or operating system after rebooting system,we could issue the following command to protect it:
# chattr + i /etc/issue
As the same as /etc/issue,the file locates in “/etc/mail/sendmail.cf” shuold be noticed,too.