lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 10 Apr 2007 22:43:24 +0200
From: "Maxim Veksler" <hq4ever@...il.com>
To: steven@...shmail.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DNS mining ?

On 4/9/07, Steven <steven@...shmail.org> wrote:
> There are numerous tools out there that will take IP addresses and report
> back [all] the domains on them.  The best one I came across some time
> about was the Reverse IP search from www.domaintools.com.  Unfortunately
> to get the entire list you have to pay now -- I think.  You used to just
> be able to register for a free account that would let you do 5 searches a
> day and show you all the domains.  So if one IP had 3000 domains on it, it
> would let you go through all of them, and that was one search.  Now you
> can just see a small selection.
>
> There are all similar tools on the Internet.  Someone posted a while back
> on Full Disclosure and Security Focus about how to find all the domains on
> a particular IP.  There were a few websites that people listed.  Usually
> when used in conjunction with one another they would accurate list most of
> the domains on an IP.  However, after using those and then finding this
> site, I found this tool to always equal to or better than using the
> combination of others.
>
> So just take Google IP addresses, such as on the IP your rfsee.net is on
> (72.14.207.99) and put it in their Reverse IP lookup.
>
> http://www.domaintools.com/reverse-ip/
>
> I forgot the other websites.  I suppose they would be better now that this
> search is limited.
>

That clears the picture a-lot of "how" the list of sites pointing at
google.com was composed, but more generally speaking it's just passing
the stick from one guy to another corporation. OK, this guy copied the
list generated using domaintools.com reverse-ip lookup utility, great.
Still the question remains - How do they do it? What/How are they
monitoring to keep their database up to date?

Never the less, thanks for the very helpful pointer.

> Steven
>

Maxim.

> > Hello,
> >
> > I have a domain name which has it's primary A record pointing at google.
> > This domain hasn't been published anywhere and is very low traffic,
> > surprisingly this guy has it listed as one of the entries pointing to
> > google:
> >
> > http://72.14.205.104/search?q=cache:Vp6UWUf7NmMJ:mousecave.com/google/+rfsee.net
> >
> > His list is correct, question is how could he possibly compose it?
> > Scanning the whole [[:alnum:]]{1,30} dns range is impractical. I find
> > it hard to believe he is sniffing some major backbone router for
> > traffic and having access to a root DNS won't help him much (IMHO).
> > How could he then have done it? The only option I can think of is that
> > he is working @google or has backdoor access to google indexing
> > service which allows him to query for info such as "With what header
> > did the http request came to the server".
> >
> > I find this highly intriguing.
> >
> > Ideas are welcome.
> >
> > --
> > Cheers,
> > Maxim Veksler
> >
> > "Free as in Freedom" - Do u GNU ?
> >
-- 


Cheers,
Maxim Veksler

"Free as in Freedom" - Do u GNU ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ