RE: how to check for hostnames of wildcard-domains

From: Dario Ciccarone (dciccaro) (dciccaro@cisco.com)
Date: Tue Feb 14 2006 - 09:01:56 EST

• Next message: Nicob: "Re: IPv6 Security Scanner"
• Previous message: Jim Geovedi: "Re: Why Penetration Test?"
• Maybe in reply to: thomas springer: "how to check for hostnames of wildcard-domains"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The obvious answer (which is probably wrong - considering its
obviousness) would be to do an A query for every name you're interested
in (ftp.domain.tld, www.domain.tld, etc), and finally a couple more
queries (both, if really paranoid): one for random_name.domain.tld,
another for random_name.random_subdomain.domain.tld. Check the answers
you got for those two queries against any answer you got before.

What are the chances of ftp.domain.tld address ==
ghd63448211abdyctc.domain.tld ==
djkdfye653323fhj.sddscll33hdhfg.domain.tld ?

> -----Original Message-----
> From: thomas springer [mailto:tuevsec@gmx.net]
> Sent: Sunday, February 12, 2006 2:32 PM
> To: pen-test@securityfocus.com
> Subject: how to check for hostnames of wildcard-domains
>
> I'm stumbling more and more over domains that have a A-Record for
> *.domain.tld set in their zonefile - with the effect that every
> ns-lookup for an A-Record on this domain returns an ip, even if the
> hostname is not really existing. You might check for the
> wildcard with a
> simple "dig *.domain.tld A +short".
>
> Is there a way to distinguish the *.dom.tld-matching from a real
> existing A-Record using a ns-lookup alone?
>
> tom
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking
> applications on your
> website. Up to 75% of cyber attacks are launched on shopping
> carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are
> futile against web application hacking. Check your website
> for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks
> before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Nicob: "Re: IPv6 Security Scanner"
• Previous message: Jim Geovedi: "Re: Why Penetration Test?"
• Maybe in reply to: thomas springer: "how to check for hostnames of wildcard-domains"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:31 EDT