Date: Tue, 14 Jun 2005 23:46:00 +0100 (BST)
From: full-disclosure-request@xxxxxxxxxxxxxxxxx
Reply-To: full-disclosure@xxxxxxxxxxxxxxxxx
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Full-Disclosure Digest, Vol 4, Issue 18
Send Full-Disclosure mailing list submissions to
full-disclosure@xxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@xxxxxxxxxxxxxxxxx
You can reach the person managing the list at
full-disclosure-owner@xxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim your
post appropriately. Thank you.
Today's Topics:
1. www.whois.sc (Jimmy Stewpot)
2. Re: www.whois.sc (Andreas Gietl)
3. Re: www.whois.sc (tgoogle)
4. iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet
Client Information Disclosure Vulnerability (iDEFENSE Labs)
5. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook
Express NNTP Response Parsing Buffer Overflow Vulnerability
(iDEFENSE Labs)
6. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook Web
Access Cross-Site Scripting Vulnerability (iDEFENSE Labs)
7. iDEFENSE Security Advisory 06.14.05: Microsoft Windows
Interactive Training Buffer Overflow Vulnerability (iDEFENSE Labs)
8. Anti-Virus Malformed ZIP Archives flaws [UPDATE] (Thierry Zoller)
9. RE: Exploits Selling / Buying (Ivaylo Zashev)
10. MDKSA-2005:099 - Updated gaim packages fix more
vulnerabilities (Mandriva Security Team)
11. Re: In USA the Government Votes for YOU? - Electronic Voting
Systems'Security, Report (bkfsec)
12. MDKSA-2005:100 - Updated rsh packages fix vulnerability
(Mandriva Security Team)
13. RE: Web application Security Scanner (Cosmin Stejerean)
(Stejerean, Cosmin)
----------------------------------------------------------------------
Message: 1
Date: Tue, 14 Jun 2005 14:04:12 +0100
From: Jimmy Stewpot <squid@xxxxxxxxxx>
Subject: [Full-disclosure] www.whois.sc
To: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <42AED5CC.9040709@xxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1
Hello,
I have recently seen a web page www.whois.sc. One of the features that
they have is a "reverse ip" lookup. With that tool I can lookup the IP
address of a server and it will return how many domains are hosted on it.
What I have been trying to figure out is how does that work? I did a
tcpdump on the server that I looked up and it didnt see any abnormal
packets. Does anyone have any idea how that feature works?
For example If lookup the following :
http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
It comes back and shows me several domain names hosted (two to be exact).
Can anyone shed some light on that?
Thanks
------------------------------
Message: 2
Date: Tue, 14 Jun 2005 15:09:46 +0200
From: Andreas Gietl <a.gietl@xxxxxxxxxx>
Subject: Re: [Full-disclosure] www.whois.sc
To: Jimmy Stewpot <squid@xxxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <42AED71A.2060904@xxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1
As the results are not very accurate and i see no possibility to gain
these information directly from the host running the ip or any entries
in die ptr for the ip, i guess they just keep a database of domains and
ther ip-adresses and do a lookup on the ip for that ip.
Jimmy Stewpot wrote:
Hello,
I have recently seen a web page www.whois.sc. One of the features that
they have is a "reverse ip" lookup. With that tool I can lookup the IP
address of a server and it will return how many domains are hosted on it.
What I have been trying to figure out is how does that work? I did a
tcpdump on the server that I looked up and it didnt see any abnormal
packets. Does anyone have any idea how that feature works?
For example If lookup the following :
http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
It comes back and shows me several domain names hosted (two to be exact).
Can anyone shed some light on that?
Thanks
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/