Date: Wed, 29 Dec 2004 17:32:33 +0100
From: Ralf Glauberman <ralfglauberman@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Again: zone transfers, a spammer's dream?


Hello all,
after Lode Vermeiren published on the 7th of December that many
TLDs are transferable, I did further research on this. Much to my
surprise, this wasn't just a problem of little states. I did a complete
scan on all TLDs (http://data.iana.org/TLD/tlds-alpha-by-domain.txt)
including every SOA and NS server. I got results from 141 out of the
258 checked TLDs. I didn't check every single output, but there are not
more than 10 false positives within these. While the ca zone is secure
now, I was really surprised that be (~ 42 MB, ~ 900.000 records) and
fi (~ 11 MB, ~ 235.000 records) are transferable.
All in all, I found that the following TLDs are transferable (also,
there might be some false positives):
AC
AD
AG
AL
AN
AO
AR
ARPA
BA
BD
BE
BF
BG
BI
BJ
BM
BN
BO
BS
BT
BV
BW
CF
CI
CK
CM
CU
CV
CY
DJ
DZ
EC
EE
EG
ER
ES
ET
FI
FJ
FK
FM
GA
GB
GD
GE
GH
GL
GN
GP
GQ
GS
GT
GU
GW
GY
HN
IL
IN
INT
IO
JM
JO
KE
KG
KH
KI
KM
KN
KR
KY
KZ
LB
LC
LK
LR
LY
MA
MC
MD
MG
MH
MIL
MM
MN
MR
MS
MT
MUSEUM
MW
MX
MY
MZ
NA
NC
NE
NG
NI
NP
OM
PE
PG
PK
PY
SG
SH
SJ
SK
SM
SN
SO
SR
ST
SU
SV
SZ
TC
TD
TH
TJ
TM
TN
TO
TP
TR
TT
TZ
UA
UG
UK
UM
UY
VA
VC
VE
VG
VI
VU
YE
YU
ZA
ZW

So, here comes the old question: What do you think about this?

Best regards,
Ralf Glauberman