Full Disclosure mailing list archives

Re: DNS mining ?


From: "Steven Adair" <steven () securityzone org>
Date: Mon, 9 Apr 2007 10:22:04 -0500 (EST)

There are numerous tools out there that will take IP addresses and report
back [all] the domains on them.  The best one I came across some time
ago was the Reverse IP search from www.domaintools.com.  Unfortunately
to get the entire list you have to pay now -- I think.  You used to just
be able to register for a free account that would let you do 5 searches a
day and show you all the domains.  So if one IP had 3000 domains on it, it
would let you go through all of them, and that was one search.  Now you
can just see a small selection.

There are also similar tools on the Internet.  Someone posted a while back
on Full Disclosure and Security Focus about how to find all the domains on
a particular IP.  There were a few websites that people listed.  Usually
when used in conjunction with one another they would accurately list most of
the domains on an IP.  However, after using those and then finding this
site, I found this tool to always be equal to or better than using the
combination of others.

So just take Google IP addresses, such as the IP your rfsee.net is on
(72.14.207.99) and put it in their Reverse IP lookup.

http://www.domaintools.com/reverse-ip/

I forgot the other websites.  I suppose they would be better now that this
search is limited.

Steven
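To make concrete what a "reverse IP" list is, here is an added example (not code from either poster and not how domaintools.com implements its service) that inverts a corpus of observed DNS answers into an IP-to-names index. The record corpus is constructed for the example; the host names other than the two quoted in the thread and the 198.51.100.x / 203.0.113.x addresses are illustrative assumptions. It follows CNAME chains to their final A records, so a name that only aliases a hosting provider still shows up under the provider's IP, and it refuses to loop on a CNAME cycle.

```python
"""Reverse-IP index built from a corpus of observed DNS records.

Added example for this thread; not code from the posters and not
domaintools.com's method.  The record corpus below is constructed for
the example.  A real collector would be fed from passive DNS sensors,
zone files or crawler logs.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: (owner name, record type, rdata) as a passive-DNS
# collector might have observed them.  rfsee.net, mousecave.com and
# 72.14.207.99 are taken from the thread; every other name and address
# is an illustrative assumption.
OBSERVED_RECORDS = [
    ("rfsee.net",            "A",     "72.14.207.99"),
    ("mousecave.com",        "A",     "72.14.207.99"),
    ("blog.example.org",     "CNAME", "ghs.example-host.net"),
    ("ghs.example-host.net", "A",     "72.14.207.99"),
    ("www.example.com",      "A",     "198.51.100.7"),
    ("www.example.com",      "A",     "198.51.100.8"),
    ("loop-a.example.net",   "CNAME", "loop-b.example.net"),
    ("loop-b.example.net",   "CNAME", "loop-a.example.net"),
    # Same name seen again with different case and a trailing dot:
    # must not produce a duplicate entry.
    ("RFSEE.NET.",           "A",     "72.14.207.99"),
]


def normalize(name):
    """DNS names are case-insensitive; strip the trailing root dot too."""
    return name.rstrip(".").lower()


def build_forward(records):
    """Split the corpus into name -> {A addresses} and name -> CNAME target."""
    a_records = defaultdict(set)
    cnames = {}
    for owner, rtype, rdata in records:
        owner = normalize(owner)
        if rtype == "A":
            a_records[owner].add(ipaddress.ip_address(rdata))
        elif rtype == "CNAME":
            cnames[owner] = normalize(rdata)
    return a_records, cnames


def resolve_ips(name, a_records, cnames, max_hops=8):
    """Follow a CNAME chain (bounded and loop-safe) to its final A records.

    Returns an empty set for dangling aliases and for CNAME loops.
    """
    seen = set()
    cur = normalize(name)
    for _ in range(max_hops):
        if cur in a_records:
            return set(a_records[cur])
        if cur in seen or cur not in cnames:
            return set()
        seen.add(cur)
        cur = cnames[cur]
    return set()


def build_reverse(records):
    """Invert the corpus: IP address -> every name that lands on it."""
    a_records, cnames = build_forward(records)
    reverse = defaultdict(set)
    for name in set(a_records) | set(cnames):
        for ip in resolve_ips(name, a_records, cnames):
            reverse[ip].add(name)
    return reverse


def domains_on(reverse, target):
    """Names hosted on a single IP ("72.14.207.99") or a CIDR block ("198.51.100.0/24")."""
    net = ipaddress.ip_network(target, strict=False)
    found = set()
    for ip, names in reverse.items():
        if ip in net:
            found |= names
    return sorted(found)


if __name__ == "__main__":
    index = build_reverse(OBSERVED_RECORDS)
    for domain in domains_on(index, "72.14.207.99"):
        print(domain)
```

The index can only ever return names that were present in the corpus, so what such a service reports is a reflection of what its collector has seen resolve to that address; the CNAME flattening is what makes a name that merely aliases a hosting provider appear beside the names that point at the IP directly.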


Hello,

I have a domain name which has its primary A record pointing at google.
This domain hasn't been published anywhere and is very low traffic.
Surprisingly, this guy has it listed as one of the entries pointing to
google:

http://72.14.205.104/search?q=cache:Vp6UWUf7NmMJ:mousecave.com/google/+rfsee.net

His list is correct, question is how could he possibly compose it?
Scanning the whole [[:alnum:]]{1,30} dns range is impractical. I find
it hard to believe he is sniffing some major backbone router for
traffic and having access to a root DNS won't help him much (IMHO).
How could he then have done it? The only option I can think of is that
he is working @google or has backdoor access to google indexing
service which allows him to query for info such as "With what header
did the HTTP request come to the server".

I find this highly intriguing.

Ideas are welcome.

--
Cheers,
Maxim Veksler

"Free as in Freedom" - Do u GNU ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
