RE: DNS mapping

From: Kluge (kluge@blackroses.com)
Date: Mon Feb 26 2007 - 23:51:08 EST


...but now he wants to know if a certain host in a certain domain was
actually up and online at any point in the past -- and if it was, he also
wants to know which IP it was living on at the time. Neither of which can
be gleaned from WHOIS records.

The only way to accomplish this kind of query would be for him to set up
an automated script that makes daily/regular checks to see if the host in
that rootkit's URL is up and log the results.

-kluge

On Mon, 26 Feb 2007, Walsh, Leo wrote:

> For a fee you can see historic whois data for a very large number of
> domains at DomainTools:
>
> http://domain-history.domaintools.com/
>
> I believe you can sign up for free and get a few queries before you'll be
> required to pay for more searches.
>
> -Leo Walsh
> Jefferson Wells International
> 816-627-4222 (office)
> 913-484-8051 (cell)
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Ken Kousky
> Sent: Saturday, February 24, 2007 9:22 AM
> To: 'crazy frog crazy frog'; 'Sergi Rosello'
> Cc: oivind.lund@gmail.com; pen-test@securityfocus.com
> Subject: RE: DNS mapping
>
> If I could branch off here - we have a url from a rootkit that points to a
> site that's been up and down and frequently moved. We'd like to know for a
> specific date range last year if the site was active and what the IP
> address would have been. Is there an easy way to find out the IP address
> for a domain for a particular historic date range other than working with
> the name registration source? Is there an independent log we could check
> out?
>
>
> KWK
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of crazy frog crazy frog
> Sent: Thursday, February 22, 2007 1:23 AM
> To: Sergi Rosello
> Cc: oivind.lund@gmail.com; pen-test@securityfocus.com
> Subject: Re: DNS mapping
>
> http://www.seologs.com/ip-domains.html
> This will help you, although it is not very accurate.
> But you can determine the domains hosted on your IP.
> On 2/21/07, Sergi Rosello <sergi_75@yahoo.es> wrote:
> > Try with it:
> >
> > www.dnspython.org
> >
> > luck :-)
> >
> > --- oivind.lund@gmail.com wrote:
> >
> > > I was wondering if there is an easy way to write a script to use for
> > > reverse DNS mapping.
> > > For instance, inputting the address test.com to the script and then
> > > having the script reverse mapping the address and testing other
> > > common DNS names like mail.test.com , web.test.com etc ?
> > > Or maybe there is a tool available which allows me to do this and
> > > make my own list of common DNS names ?
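
The regular check-and-log approach described in the reply at the top of this message, sketched as an added example that is not part of the original thread. The function names, the CSV layout and the use of a TCP connect to port 80 as the test for "up" are assumptions made for illustration.

```python
import csv
import socket
from datetime import datetime, timezone

def resolve(host):
    """Return the sorted IPv4 addresses for host, or [] if it does not resolve."""
    try:
        return sorted(set(socket.gethostbyname_ex(host)[2]))
    except OSError:  # covers socket.gaierror and socket.herror
        return []

def is_up(ip, port=80, timeout=3.0):
    """Assumed liveness test: a TCP connection to the given port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def record(host, log_path, resolver=resolve, probe=is_up, now=None):
    """Append one timestamped row per resolved IP, or one 'unresolved' row."""
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    rows = [(ts, host, ip, "up" if probe(ip) else "down") for ip in resolver(host)]
    if not rows:
        # Log failures too, so gaps in the history are visible later.
        rows = [(ts, host, "", "unresolved")]
    with open(log_path, "a", newline="") as f:
        csv.writer(f).writerows(rows)
    return rows

def history(host, log_path, start, end):
    """Return (timestamp, ip, state) rows for host logged within [start, end]."""
    out = []
    with open(log_path, newline="") as f:
        for ts, logged_host, ip, state in csv.reader(f):
            if logged_host == host and start <= datetime.fromisoformat(ts) <= end:
                out.append((ts, ip, state))
    return out

if __name__ == "__main__":
    import sys
    # Usage: script.py <hostname> <logfile>; schedule it (e.g. daily) to build the log.
    for row in record(sys.argv[1], sys.argv[2]):
        print(*row)
```

The log only answers questions about dates after the script was first scheduled; `history()` takes timezone-aware `datetime` bounds.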





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:37 EDT