Penetration Testing mailing list archives
RE: DNS mapping
From: Kluge <kluge () blackroses com>
Date: Mon, 26 Feb 2007 23:51:08 -0500 (EST)
...but now he wants to know if a certain host in a certain domain was actually up and online at any point in the past -- and if it was, he also wants to know which IP it was living on at the time. Neither of which can be gleaned from WHOIS records. The only way to accomplish this kind of query would be for him to set up an automated script that makes daily/regular checks to see if the host in that rootkit's URL is up and log the results. -kluge On Mon, 26 Feb 2007, Walsh, Leo wrote:
For a fee you can see historic whois data for a very large number of domains at DomainTools: http://domain-history.domaintools.com/ I believe you can sign up for free and get a few queries before you'll be required to pay for more searches. -Leo Walsh Jefferson Wells International 816-627-4222 (office) 913-484-8051 (cell) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ken Kousky Sent: Saturday, February 24, 2007 9:22 AM To: 'crazy frog crazy frog'; 'Sergi Rosello' Cc: oivind.lund () gmail com; pen-test () securityfocus com Subject: RE: DNS mapping If I could branch off here - we have a url from a rootkit that points to a site that's been up and down and frequently moved. We'd like to know for a specific date range last year if the site was active and what the IP address would have been. Is there an easy way to find out the IP address for a domain for a particular historic date range other than working with the name registration source? Is there an independent log we could check out? KWK -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of crazy frog crazy frog Sent: Thursday, February 22, 2007 1:23 AM To: Sergi Rosello Cc: oivind.lund () gmail com; pen-test () securityfocus com Subject: Re: DNS mapping http://www.seologs.com/ip-domains.html this will help you.althoug not much accurate. but you can determine the domains hosted on ur ip. On 2/21/07, Sergi Rosello <sergi_75 () yahoo es> wrote: > Try whit it:> > www.dnspython.org > > luck :-) > > --- oivind.lund () gmail com escribió: > > > I was wondering if there is an easy way to write a script to use for> > reverse DNS mapping. > > For instance, inputting the address test.com to the script and then > > having the script reverse mapping the address and testing other > > common DNS names like mail.test.com , web.test.com etc ? > > Or maybe there is a tool available which allows me to do this and > > make my own list of common DNS names ?
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: DNS mapping, (continued)
- Re: DNS mapping crazy frog crazy frog (Feb 23)
- RE: DNS mapping Ken Kousky (Feb 25)
- RE: DNS mapping Gadi Evron (Feb 26)
- Re: DNS mapping crazy frog crazy frog (Feb 23)
- Re: DNS mapping Christophe Kiciak (Feb 21)
- Re: DNS mapping pand0ra (Feb 23)
- Re: DNS mapping pand0ra (Feb 23)
- RE: DNS mapping Marc Ouwerkerk (Feb 23)
- RE: DNS mapping Elias-Bachrach, Ari (721) (Feb 26)
- Re: DNS mapping eugk . 46247495 (Feb 21)
- RE: DNS mapping Walsh, Leo (Feb 26)
- RE: DNS mapping Kluge (Feb 28)
- Re: DNS mapping Christian Martorella (Feb 28)
- Re: DNS mapping Sean Perez (Feb 28)