lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <f7816dde041229083279112ad0@mail.gmail.com>
Date: Wed, 29 Dec 2004 17:32:33 +0100
From: Ralf Glauberman <ralfglauberman@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Again: zone transfers, a spammer's dream?


Hello all,
after Lode Vermeiren having published on the 7th of December that many
tlds are transferable I did further research on this. Much to my
surprise this wasn't just a problem of little states. i did a complete
scan on all tlds (http://data.iana.org/TLD/tlds-alpha-by-domain.txt)
including every soa and ns server. i got results from 141 out of the
258 checked tlds. i din't check every single output, but there are not
more than 10 false-positives within these. while the ca zone is secure
now, i was really surprised that be (~ 42 MB, ~ 900.000 records) and
fi (~ 11 MB, ~ 235.000 records) are transferable.
all in all, i found that the following tlds are transferable (also
there might be some false-positives):
AC
AD
AG
AL
AN
AO
AR
ARPA
BA
BD
BE
BF
BG
BI
BJ
BM
BN
BO
BS
BT
BV
BW
CF
CI
CK
CM
CU
CV
CY
DJ
DZ
EC
EE
EG
ER
ES
ET
FI
FJ
FK
FM
GA
GB
GD
GE
GH
GL
GN
GP
GQ
GS
GT
GU
GW
GY
HN
IL
IN
INT
IO
JM
JO
KE
KG
KH
KI
KM
KN
KR
KY
KZ
LB
LC
LK
LR
LY
MA
MC
MD
MG
MH
MIL
MM
MN
MR
MS
MT
MUSEUM
MW
MX
MY
MZ
NA
NC
NE
NG
NI
NP
OM
PE
PG
PK
PY
SG
SH
SJ
SK
SM
SN
SO
SR
ST
SU
SV
SZ
TC
TD
TH
TJ
TM
TN
TO
TP
TR
TT
TZ
UA
UG
UK
UM
UY
VA
VC
VE
VG
VI
VU
YE
YU
ZA
ZW

so, here comes the old question: What do you think about this?

Best regards,
Ralf Glauberman
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ