OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] www.whois.sc

From: Andreas Gietl (a.gietle-admin.de)
Date: Tue Jun 14 2005 - 08:09:46 CDT


As the results are not very accurate and i see no possibility to gain
these information directly from the host running the ip or any entries
in die ptr for the ip, i guess they just keep a database of domains and
ther ip-adresses and do a lookup on the ip for that ip.

Jimmy Stewpot wrote:
> Hello,
>
> I have recently seen a web page www.whois.sc. One of the features that
> they have is a "reverse ip" lookup. With that tool I can lookup the IP
> address of a server and it will return how many domains are hosted on it.
>
> What I have been trying to figure out is how does that work? I did a
> tcpdump on the server that I looked up and it didnt see any abnormal
> packets. Does anyone have any idea how that feature works?
>
> For example If lookup the following :
>
> http://www.whois.sc/reverse-ip/?lookup=210.193.162.9
>
> It comes back and shows me several domain names hosted (two to be exact).
>
> Can anyone shed some light on that?
>
> Thanks
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
e-admin internet gmbh
Andreas Gietl tel +49 941 3790392 (sipgate)
Ludwig-Thoma-Strasse 35
93051 Regensburg mobil +49 171 6070008

PGP/GPG-Key unter http://www.e-admin.de/gpg.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/