| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0506141614190.8521@127.1> Date: Wed Jun 15 00:13:05 2005 From: mms at speakeasy.org (matt sommer) Subject: Re: Full-Disclosure Digest, Vol 4, Issue 18 On Tue, 14 Jun 2005, full-disclosure-request@...ts.grok.org.uk wrote: > Date: Tue, 14 Jun 2005 23:46:00 +0100 (BST) > From: full-disclosure-request@...ts.grok.org.uk > Reply-To: full-disclosure@...ts.grok.org.uk > To: full-disclosure@...ts.grok.org.uk > Subject: Full-Disclosure Digest, Vol 4, Issue 18 > > Send Full-Disclosure mailing list submissions to > full-disclosure@...ts.grok.org.uk > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.grok.org.uk/mailman/listinfo/full-disclosure > or, via email, send a message with subject or body 'help' to > full-disclosure-request@...ts.grok.org.uk > > You can reach the person managing the list at > full-disclosure-owner@...ts.grok.org.uk > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Full-Disclosure digest..." > > > Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you. > > > Today's Topics: > > 1. www.whois.sc (Jimmy Stewpot) > 2. Re: www.whois.sc (Andreas Gietl) > 3. Re: www.whois.sc (tgoogle) > 4. iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet > Client Information Disclosure Vulnerability (iDEFENSE Labs) > 5. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook > Express NNTP Response Parsing Buffer Overflow Vulnerability > (iDEFENSE Labs) > 6. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook Web > Access Cross-Site Scripting Vulnerability (iDEFENSE Labs) > 7. iDEFENSE Security Advisory 06.14.05: Microsoft Windows > Interactive Training Buffer Overflow Vulnerability (iDEFENSE Labs) > 8. Anti-Virus Malformed ZIP Archives flaws [UPDATE] (Thierry Zoller) > 9. RE: Exploits Selling / Buying (Ivaylo Zashev) > 10. MDKSA-2005:099 - Updated gaim packages fix more > vulnerabilities (Mandriva Security Team) > 11. Re: In USA the Government Votes for YOU? - Electronic Voting > Systems'Security, Report (bkfsec) > 12. MDKSA-2005:100 - Updated rsh packages fix vulnerability > (Mandriva Security Team) > 13. RE: Web application Security Scanner (Cosmin Stejerean) > (Stejerean, Cosmin) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 14 Jun 2005 14:04:12 +0100 > From: Jimmy Stewpot <squid@...nged.to> > Subject: [Full-disclosure] www.whois.sc > To: full-disclosure@...ts.grok.org.uk > Message-ID: <42AED5CC.9040709@...nged.to> > Content-Type: text/plain; charset=ISO-8859-1 > > Hello, > > I have recently seen a web page www.whois.sc. One of the features that > they have is a "reverse ip" lookup. With that tool I can lookup the IP > address of a server and it will return how many domains are hosted on it. > > What I have been trying to figure out is how does that work? I did a > tcpdump on the server that I looked up and it didnt see any abnormal > packets. Does anyone have any idea how that feature works? > > For example If lookup the following : > > http://www.whois.sc/reverse-ip/?lookup=210.193.162.9 > > It comes back and shows me several domain names hosted (two to be exact). > > Can anyone shed some light on that? > > Thanks > > > ------------------------------ > > Message: 2 > Date: Tue, 14 Jun 2005 15:09:46 +0200 > From: Andreas Gietl <a.gietl@...dmin.de> > Subject: Re: [Full-disclosure] www.whois.sc > To: Jimmy Stewpot <squid@...nged.to> > Cc: full-disclosure@...ts.grok.org.uk > Message-ID: <42AED71A.2060904@...dmin.de> > Content-Type: text/plain; charset=ISO-8859-1 > > As the results are not very accurate and i see no possibility to gain > these information directly from the host running the ip or any entries > in die ptr for the ip, i guess they just keep a database of domains and > ther ip-adresses and do a lookup on the ip for that ip. > > Jimmy Stewpot wrote: >> Hello, >> >> I have recently seen a web page www.whois.sc. One of the features that >> they have is a "reverse ip" lookup. With that tool I can lookup the IP >> address of a server and it will return how many domains are hosted on it. >> >> What I have been trying to figure out is how does that work? I did a >> tcpdump on the server that I looked up and it didnt see any abnormal >> packets. Does anyone have any idea how that feature works? >> >> For example If lookup the following : >> >> http://www.whois.sc/reverse-ip/?lookup=210.193.162.9 >> >> It comes back and shows me several domain names hosted (two to be exact). >> >> Can anyone shed some light on that? >> >> Thanks >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > m.
Powered by blists - more mailing lists