lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed Jun 15 00:13:05 2005
From: mms at speakeasy.org (matt sommer)
Subject: Re: Full-Disclosure Digest, Vol 4, Issue 18

On Tue, 14 Jun 2005, full-disclosure-request@...ts.grok.org.uk wrote:

> Date: Tue, 14 Jun 2005 23:46:00 +0100 (BST)
> From: full-disclosure-request@...ts.grok.org.uk
> Reply-To: full-disclosure@...ts.grok.org.uk
> To: full-disclosure@...ts.grok.org.uk
> Subject: Full-Disclosure Digest, Vol 4, Issue 18
> 
> Send Full-Disclosure mailing list submissions to
> 	full-disclosure@...ts.grok.org.uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> 	full-disclosure-request@...ts.grok.org.uk
>
> You can reach the person managing the list at
> 	full-disclosure-owner@...ts.grok.org.uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
>
>
> Today's Topics:
>
>   1. www.whois.sc (Jimmy Stewpot)
>   2. Re: www.whois.sc (Andreas Gietl)
>   3. Re: www.whois.sc (tgoogle)
>   4. iDEFENSE Security Advisory 06.14.05: Multiple	Vendor Telnet
>      Client Information Disclosure Vulnerability (iDEFENSE Labs)
>   5. iDEFENSE Security Advisory 06.14.05: Microsoft	Outlook
>      Express NNTP Response Parsing Buffer Overflow Vulnerability
>      (iDEFENSE Labs)
>   6. iDEFENSE Security Advisory 06.14.05: Microsoft	Outlook Web
>      Access Cross-Site Scripting Vulnerability (iDEFENSE Labs)
>   7. iDEFENSE Security Advisory 06.14.05: Microsoft	Windows
>      Interactive Training Buffer Overflow Vulnerability (iDEFENSE Labs)
>   8. Anti-Virus Malformed ZIP Archives flaws [UPDATE] (Thierry Zoller)
>   9. RE: Exploits Selling / Buying (Ivaylo Zashev)
>  10. MDKSA-2005:099 - Updated gaim packages fix more
>      vulnerabilities (Mandriva Security Team)
>  11. Re: In USA the Government Votes for YOU?	-	Electronic Voting
>      Systems'Security, Report (bkfsec)
>  12. MDKSA-2005:100 - Updated rsh packages fix	vulnerability
>      (Mandriva Security Team)
>  13. RE: Web application Security Scanner (Cosmin	Stejerean)
>      (Stejerean, Cosmin)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 14 Jun 2005 14:04:12 +0100
> From: Jimmy Stewpot <squid@...nged.to>
> Subject: [Full-disclosure] www.whois.sc
> To: full-disclosure@...ts.grok.org.uk
> Message-ID: <42AED5CC.9040709@...nged.to>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello,
>
> I have recently seen a web page www.whois.sc. One of the features that
> they have is a "reverse ip" lookup. With that tool I can lookup the IP
> address of a server and it will return how many domains are hosted on it.
>
> What I have been trying to figure out is how does that work? I did a
> tcpdump on the server that I looked up and it didnt see any abnormal
> packets. Does anyone have any idea how that feature works?
>
> For example If lookup the following :
>
> http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
>
> It comes back and shows me several domain names hosted (two to be exact).
>
> Can anyone shed some light on that?
>
> Thanks
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 14 Jun 2005 15:09:46 +0200
> From: Andreas Gietl <a.gietl@...dmin.de>
> Subject: Re: [Full-disclosure] www.whois.sc
> To: Jimmy Stewpot <squid@...nged.to>
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID: <42AED71A.2060904@...dmin.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> As the results are not very accurate and i see no possibility to gain
> these information directly from the host running the ip or any entries
> in die ptr for the ip, i guess they just keep a database of domains and
> ther ip-adresses and do a lookup on the ip for that ip.
>
> Jimmy Stewpot wrote:
>> Hello,
>>
>> I have recently seen a web page www.whois.sc. One of the features that
>> they have is a "reverse ip" lookup. With that tool I can lookup the IP
>> address of a server and it will return how many domains are hosted on it.
>>
>> What I have been trying to figure out is how does that work? I did a
>> tcpdump on the server that I looked up and it didnt see any abnormal
>> packets. Does anyone have any idea how that feature works?
>>
>> For example If lookup the following :
>>
>> http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
>>
>> It comes back and shows me several domain names hosted (two to be exact).
>>
>> Can anyone shed some light on that?
>>
>> Thanks
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>

m.

Powered by blists - more mailing lists