Full Disclosure mailing list archives

RE: windowsupdate.com


From: Joshua Thomas <JThomas () poweronemedia com>
Date: Wed, 13 Aug 2003 17:40:57 -0400

'dig' is your friend:

; <<>> DiG 8.3 <<>> windowsupdate.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      windowsupdate.com, type = A, class = IN

;; ANSWER SECTION:
windowsupdate.com.      15M IN A        207.46.134.94
windowsupdate.com.      15M IN A        207.46.134.30

and

; <<>> DiG 8.3 <<>> v3.windowsupdate.microsoft.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      v3.windowsupdate.microsoft.com, type = A, class = IN

;; ANSWER SECTION:
v3.windowsupdate.microsoft.com.  2H IN CNAME  v3windowsupdate.microsoft.nsatc.net.
v3windowsupdate.microsoft.nsatc.net.  5M IN A  207.46.249.61

;; AUTHORITY SECTION:
nsatc.net.              15h19m43s IN NS  m.ns.nsatc.net.
nsatc.net.              15h19m43s IN NS  a.ns.nsatc.net.
nsatc.net.              15h19m43s IN NS  us-ga-1.ns.nsatc.net.
nsatc.net.              15h19m43s IN NS  h.ns.nsatc.net.

;; ADDITIONAL SECTION:
m.ns.nsatc.net.         14h4m31s IN A   63.121.106.141
a.ns.nsatc.net.         14h4m31s IN A   206.25.8.69
us-ga-1.ns.nsatc.net.   14h28s IN A     63.150.183.46
h.ns.nsatc.net.         14h28s IN A     63.104.225.171

and

; <<>> DiG 8.3 <<>> v4.windowsupdate.microsoft.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      v4.windowsupdate.microsoft.com, type = A, class = IN

;; ANSWER SECTION:
v4.windowsupdate.microsoft.com.  1h34m17s IN CNAME  v4windowsupdate.microsoft.nsatc.net.
v4windowsupdate.microsoft.nsatc.net.  1S IN A  207.46.249.157

;; AUTHORITY SECTION:
nsatc.net.              15h19m16s IN NS  m.ns.nsatc.net.
nsatc.net.              15h19m16s IN NS  a.ns.nsatc.net.
nsatc.net.              15h19m16s IN NS  us-ga-1.ns.nsatc.net.
nsatc.net.              15h19m16s IN NS  h.ns.nsatc.net.

;; ADDITIONAL SECTION:
m.ns.nsatc.net.         14h4m4s IN A    63.121.106.141
a.ns.nsatc.net.         14h4m4s IN A    206.25.8.69
us-ga-1.ns.nsatc.net.   14h1s IN A      63.150.183.46
h.ns.nsatc.net.         14h1s IN A      63.104.225.171



Joshua Thomas
Network Operations Engineer
PowerOne Media, Inc.
tel: 518-687-6143
jthomas () poweronemedia com 

-----Original Message-----
From: Laurent LEVIER [mailto:llevier () argosnet com]
Sent: Wednesday, August 13, 2003 2:51 PM
To: KF; Andrew Simmons
Cc: Andreas Gietl; Rafa³ ^^MA g^^ Kwa½ny;
full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] windowsupdate.com


Guys,

When you nslookup windowsupdate.microsoft.com, you get a different response
from the DNS (instead of having multiple IP Addresses for this single record).

Testing windowsupdate.microsoft.com, then v3.windowsupdate.microsoft.com or 
v4.windowsupdate.microsoft.com, I got multiple answers:
- 207.46.134.29
- 207.46.134.30
- 207.46.134.93
- 207.46.134.94
- 207.46.249.61
- 65.54.249.61
- 65.54.249.254

As you can see, all these are located in 3 C classes.

Brgrds

Laurent LEVIER
IT Systems & Networks Security Expert



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
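
Added example, not part of either post: Python that parses answer-section records in the dig format shown above, follows each CNAME chain to its addresses with the lowest TTL on the path, and groups addresses by /24 (the "C classes" in the quoted message). The function names are hypothetical; SAMPLE is copied from the dig output in this post.

```python
import ipaddress
import re
from collections import defaultdict

# Answer-section records copied from the dig output in this post
# (CNAME records that the mail client wrapped are shown on one line).
SAMPLE = """\
windowsupdate.com.      15M IN A        207.46.134.94
windowsupdate.com.      15M IN A        207.46.134.30
v3.windowsupdate.microsoft.com.  2H IN CNAME  v3windowsupdate.microsoft.nsatc.net.
v3windowsupdate.microsoft.nsatc.net.  5M IN A  207.46.249.61
v4.windowsupdate.microsoft.com.  1h34m17s IN CNAME  v4windowsupdate.microsoft.nsatc.net.
v4windowsupdate.microsoft.nsatc.net.  1S IN A  207.46.249.157
"""
UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1, "": 1}

def ttl_seconds(text):
    """Convert a BIND-style TTL ('15M', '1h34m17s', '300') to seconds."""
    t = text.lower()
    if not re.fullmatch(r"(\d+[wdhms]?)+", t):
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms]?)", t))

def parse_records(output):
    """Yield (name, ttl, type, rdata) per record line, skipping ';' comments."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 5 and not line.startswith(";") and fields[2] == "IN":
            yield fields[0].lower(), ttl_seconds(fields[1]), fields[3], fields[4].lower()

def resolve(records, name):
    """Follow CNAMEs from name; return (addresses, lowest TTL on the chain)."""
    name = name.lower().rstrip(".") + "."
    addrs, ttls, seen = [], [], set()
    while name and name not in seen:  # 'seen' stops CNAME loops
        seen.add(name)
        hits = [r for r in records if r[0] == name and r[2] in ("A", "CNAME")]
        ttls += [r[1] for r in hits]
        addrs += [r[3] for r in hits if r[2] == "A"]
        name = next((r[3] for r in hits if r[2] == "CNAME"), None)
    return addrs, min(ttls, default=None)

def by_slash24(addresses):
    """Group addresses by their enclosing /24 network."""
    groups = defaultdict(set)
    for addr in addresses:
        groups[str(ipaddress.ip_network(f"{addr}/24", strict=False))].add(addr)
    return {net: sorted(members) for net, members in groups.items()}
```

The lowest TTL on the chain is how long a cached answer can be relied on, which is why repeated lookups of the same name can return different addresses.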
