Open Source and information security mailing list archives
 
Message-ID: <6584.131.182.179.153.1176132124.squirrel@slashmail.org>
Date: Mon, 9 Apr 2007 10:22:04 -0500 (EST)
From: "Steven Adair" <steven@...urityzone.org>
To: "Maxim Veksler" <hq4ever@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DNS mining ?

There are numerous tools out there that will take IP addresses and report
back [all] the domains on them.  The best one I came across some time
ago was the Reverse IP search from www.domaintools.com.  Unfortunately
to get the entire list you have to pay now -- I think.  You used to just
be able to register for a free account that would let you do 5 searches a
day and show you all the domains.  So if one IP had 3000 domains on it, it
would let you go through all of them, and that was one search.  Now you
can just see a small selection.

There are also similar tools on the Internet.  Someone posted a while back
on Full Disclosure and Security Focus about how to find all the domains on
a particular IP.  There were a few websites that people listed.  Usually
when used in conjunction with one another they would accurately list most of
the domains on an IP.  However, after using those and then finding this
site, I found this tool to always be equal to or better than using the
combination of others.

So just take Google IP addresses, such as on the IP your rfsee.net is on
(72.14.207.99) and put it in their Reverse IP lookup.

http://www.domaintools.com/reverse-ip/

I forgot the other websites.  I suppose they would be better now that this
search is limited.

Steven


> Hello,
>
> I have a domain name which has its primary A record pointing at google.
> This domain hasn't been published anywhere and is very low traffic,
> surprisingly this guy has it listed as one of the entries pointing to
> google:
>
> http://72.14.205.104/search?q=cache:Vp6UWUf7NmMJ:mousecave.com/google/+rfsee.net
>
> His list is correct, question is how could he possibly compose it?
> Scanning the whole [[:alnum:]]{1,30} dns range is impractical. I find
> it hard to believe he is sniffing some major backbone router for
> traffic and having access to a root DNS won't help him much (IMHO).
> How could he then have done it? The only option I can think of is that
> he is working @google or has backdoor access to google indexing
> service which allows him to query for info such as "With what header
> did the http request come to the server".
>
> I find this highly intriguing.
>
> Ideas are welcome.
>
> --
> Cheers,
> Maxim Veksler
>
> "Free as in Freedom" - Do u GNU ?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

