Microsoft DNS Server - DNS Zone Transfers from high ports
Signature: decod-dns-zone (1226)
Description:
A DNS zone transfer that originates from a non-privileged port number (above 1024) suggests that the zone transfer is occurring between your DNS server and a DNS client program, such as nslookup. Zone transfers contain a list of the systems on your network. Such information could be useful to an attacker in performing an attack.
Consequences:
Obtain Information
Remedy:
Observe the source address, and watch for additional events originating at that address. Configure your DNS server to disallow zone transfers from systems other than the peer DNS servers it must participate with, or at least from non-privileged port numbers. If it is a standalone DNS server, disallow zone transfers entirely.
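The following PowerShell session is an added example, not part of the X-Force entry, showing how the remedy above is applied on a Microsoft DNS server: first an audit that lists primary zones still open to transfer from any host, then the two configurations the remedy describes (restrict to named peers, or disable entirely). It assumes the DnsServer module that ships with the Windows Server DNS role; the zone name corp.example and the secondary address 10.0.0.2 are placeholders.

```powershell
# Added example: audit and harden zone-transfer settings on Microsoft DNS.
# Assumes the DnsServer module (Windows Server DNS role). Zone name and
# peer address below are placeholders, not values from the advisory.
Import-Module DnsServer

$ZoneName    = 'corp.example'   # placeholder primary zone
$PeerServers = @('10.0.0.2')    # placeholder: the secondary servers this zone must feed

# 1. Audit: which primary zones still allow AXFR from any host?
#    Primary zone objects expose SecureSecondaries with one of
#    NoTransfer, TransferAnyServer, TransferToZoneNameServer, TransferToSecureServers.
$OpenZones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    Where-Object { $_.SecureSecondaries -eq 'TransferAnyServer' } |
    Select-Object ZoneName, SecureSecondaries, @{ n = 'SecondaryServers'; e = { $_.SecondaryServers -join ',' } }

if ($OpenZones) {
    Write-Warning "Zones allowing transfer to any host:"
    $OpenZones | Format-Table -AutoSize
}

# 2. Remedy for a zone that has peer servers: transfer only to the listed secondaries.
Set-DnsServerPrimaryZone -Name $ZoneName `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $PeerServers

# 3. Remedy for a standalone server (no secondaries): disallow transfers entirely.
#    Uncomment for zones that have no peers.
# Set-DnsServerPrimaryZone -Name $ZoneName -SecureSecondaries NoTransfer

# Verify the change took effect.
Get-DnsServerZone -Name $ZoneName | Select-Object ZoneName, SecureSecondaries, SecondaryServers
```

Restricting by secondary address is the setting to rely on: a legitimate secondary's transfer request also arrives from an ephemeral high port, so the source-port observation in the signature distinguishes a client tool from a peer server only loosely, while the address allow-list is enforced by the server regardless of port.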
References:
Platforms Affected:
- DNS: DNS
- Various vendors: Any application
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
