On Tue, 14 Jun 2005, [EMAIL PROTECTED] wrote:
Date: Tue, 14 Jun 2005 23:46:00 +0100 (BST) From: [EMAIL PROTECTED] Reply-To: [email protected] To: [email protected] Subject: Full-Disclosure Digest, Vol 4, Issue 18Send Full-Disclosure mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.grok.org.uk/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you. Today's Topics: 1. www.whois.sc (Jimmy Stewpot) 2. Re: www.whois.sc (Andreas Gietl) 3. Re: www.whois.sc (tgoogle) 4. iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet Client Information Disclosure Vulnerability (iDEFENSE Labs) 5. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability (iDEFENSE Labs) 6. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook Web Access Cross-Site Scripting Vulnerability (iDEFENSE Labs) 7. iDEFENSE Security Advisory 06.14.05: Microsoft Windows Interactive Training Buffer Overflow Vulnerability (iDEFENSE Labs) 8. Anti-Virus Malformed ZIP Archives flaws [UPDATE] (Thierry Zoller) 9. RE: Exploits Selling / Buying (Ivaylo Zashev) 10. MDKSA-2005:099 - Updated gaim packages fix more vulnerabilities (Mandriva Security Team) 11. Re: In USA the Government Votes for YOU? - Electronic Voting Systems'Security, Report (bkfsec) 12. MDKSA-2005:100 - Updated rsh packages fix vulnerability (Mandriva Security Team) 13. RE: Web application Security Scanner (Cosmin Stejerean) (Stejerean, Cosmin) ---------------------------------------------------------------------- Message: 1 Date: Tue, 14 Jun 2005 14:04:12 +0100 From: Jimmy Stewpot <[EMAIL PROTECTED]> Subject: [Full-disclosure] www.whois.sc To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 Hello, I have recently seen a web page www.whois.sc. One of the features that they have is a "reverse ip" lookup. With that tool I can lookup the IP address of a server and it will return how many domains are hosted on it. What I have been trying to figure out is how does that work? I did a tcpdump on the server that I looked up and it didnt see any abnormal packets. Does anyone have any idea how that feature works? For example If lookup the following : http://www.whois.sc/reverse-ip/?lookup=210.193.162.9 It comes back and shows me several domain names hosted (two to be exact). Can anyone shed some light on that? Thanks ------------------------------ Message: 2 Date: Tue, 14 Jun 2005 15:09:46 +0200 From: Andreas Gietl <[EMAIL PROTECTED]> Subject: Re: [Full-disclosure] www.whois.sc To: Jimmy Stewpot <[EMAIL PROTECTED]> Cc: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 As the results are not very accurate and i see no possibility to gain these information directly from the host running the ip or any entries in die ptr for the ip, i guess they just keep a database of domains and ther ip-adresses and do a lookup on the ip for that ip. Jimmy Stewpot wrote:Hello, I have recently seen a web page www.whois.sc. One of the features that they have is a "reverse ip" lookup. With that tool I can lookup the IP address of a server and it will return how many domains are hosted on it. What I have been trying to figure out is how does that work? I did a tcpdump on the server that I looked up and it didnt see any abnormal packets. Does anyone have any idea how that feature works? For example If lookup the following : http://www.whois.sc/reverse-ip/?lookup=210.193.162.9 It comes back and shows me several domain names hosted (two to be exact). Can anyone shed some light on that? Thanks _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
m. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
