Full Disclosure mailing list archives
Re: www.whois.sc
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 15 Jun 2005 00:46:44 +0200
* Jimmy Stewpot:
I have recently seen a web page www.whois.sc. One of the features that they have is a "reverse ip" lookup. With that tool I can lookup the IP address of a server and it will return how many domains are hosted on it. What I have been trying to figure out is how does that work? I did a tcpdump on the server that I looked up and it didnt see any abnormal packets. Does anyone have any idea how that feature works?
I suppose they regularly download zone files (as published by Verisign and others), and perform A record lookups on all listed domains. Probably they try domains prefixed with "www" as well. A good litmus test is the output from 217.16.28.239. Does it include fark.ru and newsteam.ru besides pravda.ru? What about all the pravda.com subdomains? (As far as I know, the RU zone file is not available to the general public.) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- www.whois.sc Jimmy Stewpot (Jun 14)
- Re: www.whois.sc Andreas Gietl (Jun 14)
- Re: www.whois.sc tgoogle (Jun 14)
- Re: www.whois.sc Florian Weimer (Jun 14)
- Re: www.whois.sc Andreas Gietl (Jun 14)