Re: [Full-disclosure] www.whois.sc
From: Florian Weimer (fwdeneb.enyo.de)
Date: Tue Jun 14 2005 - 17:46:44 CDT
* Jimmy Stewpot:
> I have recently seen a web page www.whois.sc. One of the features that
> they have is a "reverse ip" lookup. With that tool I can look up the IP
> address of a server and it will return how many domains are hosted on it.
> What I have been trying to figure out is how does that work? I did a
> tcpdump on the server that I looked up and it didn't see any abnormal
> packets. Does anyone have any idea how that feature works?
I suppose they regularly download zone files (as published by Verisign
and others), and perform A record lookups on all listed domains.
Probably they try domains prefixed with "www" as well.
A good litmus test is the output from 18.104.22.168. Does it include
fark.ru and newsteam.ru besides pravda.ru? What about all the
pravda.com subdomains? (As far as I know, the RU zone file is not
available to the general public.)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
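
The approach guessed at in the reply above (walk the domains listed in a zone file, look up the A record for each name and its "www" variant, and invert the result) can be sketched as follows. This is an added example, not part of the original message and not the site's actual code; the zone excerpt, host names and addresses are constructed, and a dictionary stands in for live DNS queries.

```python
from collections import defaultdict

# Constructed sample data (documentation names and addresses, not real hosts).
ZONE_FILE = """\
; excerpt of a TLD zone file: delegations only, no A records for the sites
$ORIGIN example.
alpha    IN NS ns1.hoster.example.
alpha    IN NS ns2.hoster.example.
beta     IN NS ns1.hoster.example.
gamma    IN NS ns1.other.example.
"""

# Stand-in for live A record queries against the domains' name servers.
A_RECORDS = {
    "alpha.example": "192.0.2.10",
    "www.alpha.example": "192.0.2.10",
    "www.beta.example": "192.0.2.10",
    "gamma.example": "198.51.100.7",
    "delta.test": "192.0.2.10",   # same server, but its TLD zone was never obtained
}

def delegated_domains(zone_text):
    """Return the distinct domain names that have NS records in the zone."""
    origin, names = "", set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".")
        elif "NS" in (f.upper() for f in fields[1:]):
            label = fields[0].rstrip(".")
            names.add(label if fields[0].endswith(".") else f"{label}.{origin}")
    return sorted(names)

def build_reverse_index(zone_text, resolve):
    """Map each IP address to the listed domains whose A record points at it."""
    index = defaultdict(set)
    for domain in delegated_domains(zone_text):
        for host in (domain, "www." + domain):
            ip = resolve(host)
            if ip is not None:
                index[ip].add(domain)
    return {ip: sorted(domains) for ip, domains in index.items()}

REVERSE = build_reverse_index(ZONE_FILE, A_RECORDS.get)
```

Every query in this process goes to DNS servers rather than to the hosting machine, so a packet capture on the web server shows nothing unusual. The `delta.test` entry shares the address but never appears in `REVERSE`, which is the coverage gap the litmus test in the reply probes for.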