[bdNOG] internic.net whois output

Sumon Ahmed Sabir sumon at fiberathome.net
Fri Jan 30 20:22:28 BDT 2015


Very interesting and funny. Didn't notice this earlier.

-sumon

On Fri, Jan 30, 2015 at 2:41 PM, Brian Candler <brian at nsrc.org> wrote:

> On 29/01/2015 16:07, Fakrul Alam wrote:
>
>> Seems to be the Ghost bug. It's only returning this kind of output for
>> high-profile domains like yahoo.com, google.com, gmail.com. For others
>> it seems ok.
>>
> No, it's nothing to do with Ghost (*)
>
> The whois database stores records for domains (e.g. cnn.com) and also
> nameservers which those domains are delegated to (e.g. ns1.timewarner.net).
>
> So juvenile people have realised that if they create any domain, and
> delegate it to a nameserver called e.g.
> "microsoft.com.sucks.mydomain.com"
> then anyone who does a whois query for microsoft.com will also see their
> nameserver listed. Very funny.
>
> Regards,
>
> Brian.
>
> (*) Ghost is a bug which:
> (1) Involves a client doing name to IP resolution. Note that a whois query
> does *not* do any resolution, since it's not a DNS query; it's a query of
> the registry's database using the whois protocol.
> (2) The client uses the gethostbyname() call to do this resolution
> (3) The name to be resolved is supplied by the attacker, e.g. as part of
> the HELO/EHLO in an SMTP connection
> (4) The name is specially crafted to overflow a buffer
>
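The behaviour described in the quoted explanation matters to anything that scrapes whois output: a first-match parser can pick up fields from someone else's nameserver record instead of the domain's own. The following is an added example, not part of the original thread. The sample output is constructed, and its "Server Name:" / "Domain Name:" labels and blank-line record separation are assumptions about the registry's output layout.

```python
import re

# Constructed sample, not real registry output. Field labels and the
# blank-line record separator are assumptions about the layout.
SAMPLE = """\
   Server Name: MICROSOFT.COM.SUCKS.MYDOMAIN.COM
   IP Address: 192.0.2.10
   Registrar: EXAMPLE REGISTRAR A

   Domain Name: MICROSOFT.COM
   Registrar: EXAMPLE REGISTRAR B
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
"""

def parse_records(text):
    """Split whois text into records, each a list of (key, value) pairs."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = []
        for line in block.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep and value.strip():
                fields.append((key.strip().lower(), value.strip()))
        if fields:
            records.append(fields)
    return records

def naive_registrar(text):
    """First-match scraping: returns whichever Registrar line comes first."""
    m = re.search(r"^\s*Registrar:\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def domain_record(text, domain):
    """Return the single record typed 'Domain Name' that equals domain exactly."""
    wanted = domain.rstrip(".").lower()
    hits = [r for r in parse_records(text)
            if r[0][0] == "domain name" and r[0][1].rstrip(".").lower() == wanted]
    if len(hits) != 1:
        raise LookupError(f"expected one domain record for {wanted}, got {len(hits)}")
    return hits[0]

def field(record, key):
    """All values for a key; fields such as Name Server repeat."""
    return [v for k, v in record if k == key]

def lookalike_servers(text, domain):
    """Nameserver records whose hostname merely begins with the queried domain."""
    prefix = domain.rstrip(".").lower() + "."
    return [r[0][1] for r in parse_records(text)
            if r[0][0] == "server name" and r[0][1].lower().startswith(prefix)]
```

Keying on the record type in the first field, rather than on the first line that matches a label, keeps third-party nameserver records out of the parsed result.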

