[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: www.whois.sc (Florian Weimer)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: www.whois.sc (Florian Weimer)
From: mike bailey <worried@xxxxxxxxx>
Date: Wed, 15 Jun 2005 07:20:40 -0400

Florian Weimer Said:

I have recently seen a web page www.whois.sc. One of the features that
they have is a "reverse ip" lookup. With that tool I can lookup the IP
address of a server and it will return how many domains are hosted on it.

What I have been trying to figure out is how does that work? I did a
tcpdump on the server that I looked up and it didnt see any abnormal
packets. Does anyone have any idea how that feature works?


I know the website http://whois.webhosting.info also offers this feature. 
I've come to the conclusion that they just spider the web for domain names, 
obtain a dns record, and then store the result in a database. 
whois.webhost.info also offers the ability to check what company owns that ip 
block. Which is probably just returned from whois.arin.net . But it may also 
take reverse dns replies into consideration.

Love,
Mike Bailey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Re: www.whois.sc (Florian Weimer)
  - From: Florian Weimer

Prev by Date: [Full-disclosure] Mambo 4.5.2.2 SQL Injection in UPDATE statement
Next by Date: [Full-disclosure] [USN-140-1] Gaim vulnerability
Previous by thread: [Full-disclosure] Mambo 4.5.2.2 SQL Injection in UPDATE statement
Next by thread: Re: [Full-disclosure] Re: www.whois.sc (Florian Weimer)
Index(es):
- Date
- Thread