New Version of dnsmap out!

We just released a new version of dnsmap. dnsmap is a subdomain bruteforcer for stealth enumeration.

Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc. [...]

more | comments | comments rss | posted by

Name (mDNS) Poisoning Attacks inside the LAN

How easy is for attackers to compromise the LAN? Answer: Very easy! With a few simple tricks, attackers can easily poison the local name resolution system for the machines inside a given LAN. Network Devices and Apple products are most vulnerable among others of course.

It is all due to mDNS. From Wikipedia’s article:

The problem with mDNS is that it is spoof-able. Here is how it works. A mDNS enabled client will perform a mDNS query on a multicast address. [...]

more | comments | comments rss | posted by