Full Disclosure mailing list archives
Verisign abusing .COM/.NET - nothing new..
From: Roelof Temmingh <roelof () sensepost com>
Date: Wed, 17 Sep 2003 14:48:04 +0200 (SAST)
Hi all, Abusing a TLD is nothing new...it's just recently that Verisign has done it with .com and .net. There are many other TLDs that are "sucked up". Sub TLDs also get sucked in...I am not listing them all here. Hereby some of the TLD A record suckers: .cc 206.253.214.101 .sh 194.205.62.62 .cx 219.88.106.80 .td 146.101.245.154 .tm 194.205.62.42 .tv 65.201.175.144 .mp 202.128.12.163 .ws 216.35.187.246 .ph 203.119.4.6 .io 194.205.62.107 and now: .com 64.94.110.11 .net 64.94.110.11 Also - the list change every day - don't ever hard code any of this - rather look at the attached PERL script to do it in real time. Furthermore - many TLD's MX records also get sucked in. Attached is a PERL module that we have been using for a while within our BigRed Security Assessment Console that will expand any number of domains to all their TLDs. For instance, after running the PERL script on sensepost.com it returns sensepost.co.za, sensepost.com and sensepost.co.uk. It weeds out all the other A and MX "suckers". It works 99% - every now and again one or two template domains slips in (especially where dynamic DNS is used, or entries are changed rapidly). The PERL script works as a stand-alone script - you don't need to purchase the BigRed framework to use it. Tested on FreeBSD - it called nslookup externally - so maybe just look at the call itself if you are not getting joy. Also - please set the nameserver. The default one in there should work fine but could be a bit slow. Enjoy, Roelof. ===================== Roelof Temmingh roelof () sensepost com +27 12 667 4737 GMT+2 =====================
Attachment:
exp-tld2-public.pl
Description:
Current thread:
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new, (continued)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new D. Ian Miller (Sep 17)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Ron DuFresne (Sep 17)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Joshua Levitsky (Sep 17)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Jonathan A. Zdziarski (Sep 18)
- Re: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Edward Rustin (Sep 18)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new D. Ian Miller (Sep 17)
- RE: Re: Verisign abusing .COM/.NET monopoly, BIND releases new Rick Kingslan (Sep 17)
- RE: Verisign abusing .COM/.NET monopoly, BIND releases new Rainer Gerhards (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Nexus (Sep 17)
- RE: Verisign abusing .COM/.NET monopoly, BIND releases new Rainer Gerhards (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Michael Renzmann (Sep 17)
- Verisign abusing .COM/.NET - nothing new.. Roelof Temmingh (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Michael Renzmann (Sep 17)
- RE: Verisign abusing .COM/.NET monopoly, BIND releases new Rainer Gerhards (Sep 17)
- RE: Verisign abusing .COM/.NET monopoly, BIND releases new Thor Larholm (Sep 17)
- RE: Verisign abusing .COM/.NET monopoly, BIND releases new Jonathan A. Zdziarski (Sep 17)
- Re: Verisign abusing .COM/.NET monopoly, BIND releases new Peter Busser (Sep 19)