[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] windowsupdate.com
- To: "'Laurent LEVIER'" <llevier@argosnet.com>, KF <dotslash@snosoft.com>, Andrew Simmons <andrews@mis-cds.com>
- Subject: RE: [Full-Disclosure] windowsupdate.com
- From: Joshua Thomas <JThomas@poweronemedia.com>
- Date: Wed, 13 Aug 2003 17:40:57 -0400
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [Full-Disclosure] windowsupdate.com</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>'dig' is your friend:</FONT>
</P>
<P><FONT SIZE=2>; <<>> DiG 8.3 <<>> windowsupdate.com</FONT>
<BR><FONT SIZE=2>;; res options: init recurs defnam dnsrch</FONT>
<BR><FONT SIZE=2>;; got answer:</FONT>
<BR><FONT SIZE=2>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2</FONT>
<BR><FONT SIZE=2>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0</FONT>
<BR><FONT SIZE=2>;; QUERY SECTION:</FONT>
<BR><FONT SIZE=2>;; windowsupdate.com, type = A, class = IN</FONT>
</P>
<P><FONT SIZE=2>;; ANSWER SECTION:</FONT>
<BR><FONT SIZE=2>windowsupdate.com. 15M IN A 207.46.134.94</FONT>
<BR><FONT SIZE=2>windowsupdate.com. 15M IN A 207.46.134.30</FONT>
</P>
<P><FONT SIZE=2>and</FONT>
</P>
<P><FONT SIZE=2>; <<>> DiG 8.3 <<>> v3.windowsupdate.microsoft.com</FONT>
<BR><FONT SIZE=2>;; res options: init recurs defnam dnsrch</FONT>
<BR><FONT SIZE=2>;; got answer:</FONT>
<BR><FONT SIZE=2>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2</FONT>
<BR><FONT SIZE=2>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4</FONT>
<BR><FONT SIZE=2>;; QUERY SECTION:</FONT>
<BR><FONT SIZE=2>;; v3.windowsupdate.microsoft.com, type = A, class = IN</FONT>
</P>
<P><FONT SIZE=2>;; ANSWER SECTION:</FONT>
<BR><FONT SIZE=2>v3.windowsupdate.microsoft.com. 2H IN CNAME v3windowsupdate.microsoft.nsatc.net.</FONT>
<BR><FONT SIZE=2>v3windowsupdate.microsoft.nsatc.net. 5M IN A 207.46.249.61</FONT>
</P>
<P><FONT SIZE=2>;; AUTHORITY SECTION:</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m43s IN NS m.ns.nsatc.net.</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m43s IN NS a.ns.nsatc.net.</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m43s IN NS us-ga-1.ns.nsatc.net.</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m43s IN NS h.ns.nsatc.net.</FONT>
</P>
<P><FONT SIZE=2>;; ADDITIONAL SECTION:</FONT>
<BR><FONT SIZE=2>m.ns.nsatc.net. 14h4m31s IN A 63.121.106.141</FONT>
<BR><FONT SIZE=2>a.ns.nsatc.net. 14h4m31s IN A 206.25.8.69</FONT>
<BR><FONT SIZE=2>us-ga-1.ns.nsatc.net. 14h28s IN A 63.150.183.46</FONT>
<BR><FONT SIZE=2>h.ns.nsatc.net. 14h28s IN A 63.104.225.171</FONT>
</P>
<P><FONT SIZE=2>and</FONT>
</P>
<P><FONT SIZE=2>; <<>> DiG 8.3 <<>> v4.windowsupdate.microsoft.com</FONT>
<BR><FONT SIZE=2>;; res options: init recurs defnam dnsrch</FONT>
<BR><FONT SIZE=2>;; got answer:</FONT>
<BR><FONT SIZE=2>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2</FONT>
<BR><FONT SIZE=2>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4</FONT>
<BR><FONT SIZE=2>;; QUERY SECTION:</FONT>
<BR><FONT SIZE=2>;; v4.windowsupdate.microsoft.com, type = A, class = IN</FONT>
</P>
<P><FONT SIZE=2>;; ANSWER SECTION:</FONT>
<BR><FONT SIZE=2>v4.windowsupdate.microsoft.com. 1h34m17s IN CNAME v4windowsupdate.microsoft.nsatc.net.</FONT>
<BR><FONT SIZE=2>v4windowsupdate.microsoft.nsatc.net. 1S IN A 207.46.249.157</FONT>
</P>
<P><FONT SIZE=2>;; AUTHORITY SECTION:</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m16s IN NS m.ns.nsatc.net.</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m16s IN NS a.ns.nsatc.net.</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m16s IN NS us-ga-1.ns.nsatc.net.</FONT>
<BR><FONT SIZE=2>nsatc.net. 15h19m16s IN NS h.ns.nsatc.net.</FONT>
</P>
<P><FONT SIZE=2>;; ADDITIONAL SECTION:</FONT>
<BR><FONT SIZE=2>m.ns.nsatc.net. 14h4m4s IN A 63.121.106.141</FONT>
<BR><FONT SIZE=2>a.ns.nsatc.net. 14h4m4s IN A 206.25.8.69</FONT>
<BR><FONT SIZE=2>us-ga-1.ns.nsatc.net. 14h1s IN A 63.150.183.46</FONT>
<BR><FONT SIZE=2>h.ns.nsatc.net. 14h1s IN A 63.104.225.171</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>Joshua Thomas</FONT>
<BR><FONT SIZE=2>Network Operations Engineer</FONT>
<BR><FONT SIZE=2>PowerOne Media, Inc.</FONT>
<BR><FONT SIZE=2>tel: 518-687-6143</FONT>
<BR><FONT SIZE=2>jthomas@poweronemedia.com </FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Laurent LEVIER [<A HREF="mailto:llevier@argosnet.com";>mailto:llevier@argosnet.com</A>]</FONT>
<BR><FONT SIZE=2>Sent: Wednesday, August 13, 2003 2:51 PM</FONT>
<BR><FONT SIZE=2>To: KF; Andrew Simmons</FONT>
<BR><FONT SIZE=2>Cc: Andreas Gietl; Rafa³ ^^MA g^^ Kwa½ny;</FONT>
<BR><FONT SIZE=2>full-disclosure@lists.netsys.com</FONT>
<BR><FONT SIZE=2>Subject: Re: [Full-Disclosure] windowsupdate.com</FONT>
</P>
<BR>
<P><FONT SIZE=2>Guys,</FONT>
</P>
<P><FONT SIZE=2>When you nslookup windowsupdate.microsoft.com, you get a different response </FONT>
<BR><FONT SIZE=2>from the DNS (instead of having multiple IP Addresses for this single record).</FONT>
</P>
<P><FONT SIZE=2>Testing windowsupdate.microsoft.com, then v3.windowsupdate.microsoft.com or </FONT>
<BR><FONT SIZE=2>v4.windowsupdate.microsoft.com, I got multiple answers:</FONT>
<BR><FONT SIZE=2>- 207.46.134.29</FONT>
<BR><FONT SIZE=2>- 207.46.134.30</FONT>
<BR><FONT SIZE=2>- 207.46.134.93</FONT>
<BR><FONT SIZE=2>- 207.46.134.94</FONT>
<BR><FONT SIZE=2>- 207.46.249.61</FONT>
<BR><FONT SIZE=2>- 65.54.249.61</FONT>
<BR><FONT SIZE=2>- 65.54.249.254</FONT>
</P>
<P><FONT SIZE=2>As you can see, all these are located in 3 C classes.</FONT>
</P>
<P><FONT SIZE=2>Brgrds</FONT>
</P>
<P><FONT SIZE=2>Laurent LEVIER</FONT>
<BR><FONT SIZE=2>IT Systems & Networks Security Expert</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>Full-Disclosure - We believe in it.</FONT>
<BR><FONT SIZE=2>Charter: <A HREF="http://lists.netsys.com/full-disclosure-charter.html"; TARGET="_blank">http://lists.netsys.com/full-disclosure-charter.html</A></FONT>
</P>
</BODY>
</HTML>