[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031224015813.NFFE184278.fep03-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: visa XSS?
You missed the point. The IP does NOT belong to nac.net but
dns-nac-zone.com, a completely different domain.
Here is information for that domain (notice that QLD AU means Queensland
Australia )
C:\Documents and Settings\Bill>host 64.21.80.2
2.80.21.64.in-addr.arpa domain name pointer panther.dns-nac-zone.com.
C:\Documents and Settings\Bill>whois dns-nac-zone.com
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: DNS-NAC-ZONE.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: SEC.DNS-NAC-ZONE.COM
Name Server: NS.DNS-NAC-ZONE.COM
Name Server: NS0.DNS-NAC-ZONE.COM
Status: REGISTRAR-LOCK
Updated Date: 15-dec-2003
Creation Date: 28-dec-2002
Expiration Date: 28-dec-2004
>>> Last update of whois database: Tue, 23 Dec 2003 18:35:11 EST <<<
Found a referral to whois.enom.com.
Registration Service Provided By: Need A Dot Com?
Contact: kbritt@...da.com
Visit: http://www.needa.com
Domain name: dns-nac-zone.com
Registrant Contact:
dns-nac-zone.com
Robbie Walker (admin@...-nac-zone.com)
N/A
Fax: N/A
P.O Box 3439
Toowoomba, QLD 4350
AU
Administrative Contact:
dns-nac-zone.com
Robbie Walker (admin@...-nac-zone.com)
N/A
Fax: N/A
P.O Box 3439
Toowoomba, QLD 4350
AU
Technical Contact:
dns-nac-zone.com
Robbie Walker (admin@...-nac-zone.com)
N/A
Fax: N/A
P.O Box 3439
Toowoomba, QLD 4350
AU
Billing Contact:
dns-nac-zone.com
Robbie Walker (admin@...-nac-zone.com)
N/A
Fax: N/A
P.O Box 3439
Toowoomba, QLD 4350
AU
Status: registrar-lock
Name Servers:
ns.dns-nac-zone.com
ns0.dns-nac-zone.com
sec.dns-nac-zone.com
Creation date: 28 Dec 2002 23:56:54
Expiration date: 28 Dec 2004 23:56:54
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Scott Anderson
Sent: December 23, 2003 5:43 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] visa XSS?
How is this located in Queensland. Arin clearly states:
OrgName: Net Access Corporation
OrgID: NAC
Address: 1719 STE RT 10E
Address: Suite 111
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
Am I missing something?
-----Original Message-----
From: Adam Hunt [mailto:adam@...trecruiting.com]
Sent: Wednesday, 24 December 2003 3:29
To: jan.muenther@...ns.com; Mauro Flores
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] visa XSS?
this is not nac.net
it's a completely different netblock blah blah
it's some punk in Queensland AU
Robbie Walker
and if some one is sniffing from nac.net it's too bad for them because
nac.net
is run by some completely incompetent MS dorks who at some point switched to
freeBSD and are learning by the seat of there pants (I know because I use to
be a customer DSL was great from them because they knew nothing about
bandwidth management and I took a entry levle class with a senior bandwidth
manager) as well I am regularly taking there customers and doing
development,
and hosting for them because of the downtime probs and security issues that
nac.net is continually plagued with and I usually save the clients between
50
and 75 % of there yearly bill with better service.
I'm just righting this to poke the nose of nac.net.
Adam
On Tuesday 23 December 2003 08:10 am, jan.muenther@...ns.com wrote:
> > I went to http://64.21.80.2/~gotier/verified_by_visa.htm, this guy is
> > using a php script to get card numbers and pins, I think that someone is
> > going to have a merry christmas :)
>
>Heh, true. Did you write the connecting ISP (nac.net) an abuse email? The
>box is running quite a bunch of services, of which quite a few are plain
>text ones, so I'd guess the kid has sniffed them somewhere and replaced
>this poor guy's pages in his home dir...
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_________________________________________________________________
Get less junk mail with ninemsn Premium. Click here
http://ninemsn.com.au/premium/landing.asp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists