DNS Enumeration

DNS Enumeration

DNS Enumeration, also known as Domain Name Server Enumeration, consists of locating DNS servers and their correlated records associated with an organization’s domain. This is done to find large amounts of information. The DNS system often holds various types of data associated with a domain. The information found can detail services running on a network as well as server names and internet protocol addresses (IP addresses).

Systems like Windows Active Directory, IP Telephony, and Backup Systems rely on the DNS system to operate properly inside many organizations. Because the DNS system is an important service that aids an administrator in simplifying their configuration infrastructure, attackers are known to perform DNS enumeration in the first stages of an attack to gather information on a targeted network. Information gathered by DNS Enumeration can be used by an attacker in various breaches, especially while initiating DNS Tunneling.

Below are some of the tools that an attacker can use to initiate DNS enumeration:

  • American Registry for Internet Numbers (ARIN)
  • NSlookup
  • DNSstuff
  • Whois

DNS Enumeration is a form of OSINT (Open Source Intelligence), which is built into the Threatcare Suite. Administrators looking for a way to protect their infrastructures from successful DNS Enumerations have options for alternative DNS system configurations.

There are two common ways an organization could configure their DNS system. In the first configuration the client can host an external DNS system for the internet’s external registered servers, and an internal DNS system for active directory. In the second configuration the client can use the same hosted DNS system for external and internal use.

Organizations that choose the first configured setup are inherently more secure. Any malicious persons trying to perform DNS enumeration from outside the external DNS system will not initially have bridged access to any internal naming structures within the organization.

There various Name Servers that can be listed when performing DNS enumeration like Address records, Canonical name records, and mail exchange records. With a secure DNS system in place, DNS enumeration techniques can be deterred from retrieving internal usernames, IP addresses of targeted systems, and computer names.

Organizations use the Threatcare Suite to get an attacker’s view of their company. The Suite enables organizations to launch attack simulations in a benign manner to test their defense-in-depth. The Threatcare Suite is a BAS technology (Breach and Attack Simulation Technology). Request a free demo today.