More on Windows 2003

Well today I decided to map out DNS services on Windows 2003. It is no surprise that nothing has changed except for the appearance of the DNS icon in the MMC.

The reason I posted this under the Microsoft Security Forum is because by default, the DNS server will supply zone transfers to anyone who asks. For those who don't understand the significance of this awful setting, it would be similar to asking an enemy commander for a map of each of his divisions on the battlefield and thier names and he gladly gives it up to you. Seriously though, once you dump a zone transfer, you have a buffet of targets and a wealth of information about the target network.

Thanks to Microsoft who has no doublt delivered on the promise of a much more security-oriented operating system out of the box. ;)

Stay tuned, I have many more areas to poke around on the W2K3 platform.

--TH13

im not suprised about another microsoft exploit in their developments

Actually, it is more of a base configuration issue more than anything else. Windows 2000 Server also has zone transfers set to any by default. I just can't understand why they would leave this setting on unless there is some NT4 reverse compatibility issue or something of the like. I guess I have a mystery to solve now. :)

--TH13

Thanx for sharing Thehorse.
Even by hiring hackers M$ is still not able go offer proper default configuration with security consideration.
That's a typical example of the large waste of time M$ imply to customers.