| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Dec 2004 19:49:46 +0100 From: Jorrit Kronjee <full-disclosure@...pam.wafel.org> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: Again: zone transfers, a spammer's dream? Ralf Glauberman wrote: > Hello all, > after Lode Vermeiren having published on the 7th of December that many > tlds are transferable I did further research on this. Much to my > surprise this wasn't just a problem of little states. i did a complete > scan on all tlds (http://data.iana.org/TLD/tlds-alpha-by-domain.txt) > including every soa and ns server. i got results from 141 out of the > 258 checked tlds. i din't check every single output, but there are not > more than 10 false-positives within these. while the ca zone is secure > now, i was really surprised that be (~ 42 MB, ~ 900.000 records) and > fi (~ 11 MB, ~ 235.000 records) are transferable. > all in all, i found that the following tlds are transferable (also > there might be some false-positives): arpa being one of those false positives (it's hardly exploitable by spammers anyway). Although only a few nameservers of the tld allow zone transfers - and you really have to look for them - it really amazes me that these nameservers aren't properly configured. I'm just glad I don't live in any of these countries. Jorrit _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists