Hi All,

I've been using DNSENUM.PL via BackTrack to do some information gathering on my work's network. I've noticed something that I think is rather odd, and my curious nature has got me wondering "how?" Unfortunately, Googling hasn't shed much light on my question.

So, not all of my DNS subdomains show up in a simple scan. For example, I know I have VPN.blah.org. I can ping it, it's how I VPN into my organization, yet it doesn't show up in a regular DNSENUM scan. I have to use the brute force option with a dictionary file. Other subdomains, such as news.blah.org, www.blah.org or ftp.blah.org, show up no problem.

I don't understand the mechanics of how this is happening. What's allowing me to ping VPN.blah.org, but doesn't allow DNSENUM to find it? What exactly is brute forcing DNS doing? Why do some subdomains show up without the use of brute force and others don't?

--
Chris O'Connell
http://outlookoutbox.blogspot.com