Re: Full-disclosure Digest, Vol 4, Issue 18

[matt sommer <mms () speakeasy org>]

On Tue, 14 Jun 2005, full-disclosure-request () lists grok org uk wrote:

> Date: Tue, 14 Jun 2005 23:46:00 +0100 (BST)
> From: full-disclosure-request () lists grok org uk
> Reply-To: full-disclosure () lists grok org uk
> To: full-disclosure () lists grok org uk
> Subject: Full-disclosure Digest, Vol 4, Issue 18
>
> Send Full-Disclosure mailing list submissions to
>         full-disclosure () lists grok org uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>         full-disclosure-request () lists grok org uk
>
> You can reach the person managing the list at
>         full-disclosure-owner () lists grok org uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
>
>
> Today's Topics:
>
>   1. www.whois.sc (Jimmy Stewpot)
>   2. Re: www.whois.sc (Andreas Gietl)
>   3. Re: www.whois.sc (tgoogle)
>   4. iDEFENSE Security Advisory 06.14.05: Multiple      Vendor Telnet
>      Client Information Disclosure Vulnerability (iDEFENSE Labs)
>   5. iDEFENSE Security Advisory 06.14.05: Microsoft     Outlook
>      Express NNTP Response Parsing Buffer Overflow Vulnerability
>      (iDEFENSE Labs)
>   6. iDEFENSE Security Advisory 06.14.05: Microsoft     Outlook Web
>      Access Cross-Site Scripting Vulnerability (iDEFENSE Labs)
>   7. iDEFENSE Security Advisory 06.14.05: Microsoft     Windows
>      Interactive Training Buffer Overflow Vulnerability (iDEFENSE Labs)
>   8. Anti-Virus Malformed ZIP Archives flaws [UPDATE] (Thierry Zoller)
>   9. RE: Exploits Selling / Buying (Ivaylo Zashev)
>  10. MDKSA-2005:099 - Updated gaim packages fix more
>      vulnerabilities (Mandriva Security Team)
>  11. Re: In USA the Government Votes for YOU?   -       Electronic Voting
>      Systems'Security, Report (bkfsec)
>  12. MDKSA-2005:100 - Updated rsh packages fix  vulnerability
>      (Mandriva Security Team)
>  13. RE: Web application Security Scanner (Cosmin       Stejerean)
>      (Stejerean, Cosmin)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 14 Jun 2005 14:04:12 +0100
> From: Jimmy Stewpot <squid () oranged to>
> Subject: [Full-disclosure] www.whois.sc
> To: full-disclosure () lists grok org uk
> Message-ID: <42AED5CC.9040709 () oranged to>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello,
>
> I have recently seen a web page www.whois.sc. One of the features that
> they have is a "reverse ip" lookup. With that tool I can lookup the IP
> address of a server and it will return how many domains are hosted on it.
>
> What I have been trying to figure out is how does that work? I did a
> tcpdump on the server that I looked up and it didnt see any abnormal
> packets. Does anyone have any idea how that feature works?
>
> For example If lookup the following :
>
> http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
>
> It comes back and shows me several domain names hosted (two to be exact).
>
> Can anyone shed some light on that?
>
> Thanks
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 14 Jun 2005 15:09:46 +0200
> From: Andreas Gietl <a.gietl () e-admin de>
> Subject: Re: [Full-disclosure] www.whois.sc
> To: Jimmy Stewpot <squid () oranged to>
> Cc: full-disclosure () lists grok org uk
> Message-ID: <42AED71A.2060904 () e-admin de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> As the results are not very accurate and i see no possibility to gain
> these information directly from the host running the ip or any entries
> in die ptr for the ip, i guess they just keep a database of domains and
> ther ip-adresses and do a lookup on the ip for that ip.
>
> Jimmy Stewpot wrote:
> > Hello,
> >
> > I have recently seen a web page www.whois.sc. One of the features that
> > they have is a "reverse ip" lookup. With that tool I can lookup the IP
> > address of a server and it will return how many domains are hosted on it.
> >
> > What I have been trying to figure out is how does that work? I did a
> > tcpdump on the server that I looked up and it didnt see any abnormal
> > packets. Does anyone have any idea how that feature works?
> >
> > For example If lookup the following :
> >
> > http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
> >
> > It comes back and shows me several domain names hosted (two to be exact).
> >
> > Can anyone shed some light on that?
> >
> > Thanks
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

m.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/