Re: [Full-Disclosure] Whois acting funny in FreeBSD

From: Rev. Kronovohr (kronovohr_at_finalaeon.net)
Date: 12/30/03

    To: full-disclosure@lists.netsys.com
    Date: Tue, 30 Dec 2003 12:56:13 -0600
    
    
    

    this is a common occurrence...all one must do is register a nameserver
    with the "target" domain as the beginning of the subdomain. Do a WHOIS
    on microsoft.com and you'll see what I mean.

    Several companies are now doing this to their competition

    On Tue, 2003-12-30 at 12:42, Chris McGinnis wrote:
    > Today I've noticed something weird on all my FreeBSD boxes. When I whois
    > domains like msn.com, microsoft.com, aol.com and others I get stuff like:
    >
    > $ whois msn.com
    >
    > Whois Server Version 1.3
    >
    > Domain names in the .com and .net domains can now be registered
    > with many different competing registrars. Go to http://www.internic.net
    > for detailed information.
    >
    > MSN.COM.TW
    > MSN.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
    > MSN.COM
    >
    > My linux boxes seem to work fine. When I query a specific whois server
    > such as whois.networksolutions.com it works fine also. Is anyone else
    > getting anything like this? I'm thinking maybe the default whois server
    > that the whois program queries has been compromised? I'm not sure what the
    > default whois server is.
    >
    > -Chris
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    -- 
    Rev. Kronovohr <kronovohr@finalaeon.net> The Brotherhood of the Final Aeon
    finger kronovohr@finalaeon.net   or
    http://www.finalaeon.net/finger.php?user=kronovohr&host=finalaeon.net
    fingerprint: 37C4 B78A 770E 9D85 79E3  532F BB29 03FE 0759 CF8B
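
An added example, not part of the original post or of any whois client: a Python filter that separates the exact-match record from names that merely begin with the queried domain, which is the behaviour the reply describes. The listing is the one quoted in the thread, embedded as constructed sample input; the function name `classify_listing` is hypothetical.

```python
import re

# Constructed sample input: the listing quoted in the message above.
SAMPLE = """\
Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

MSN.COM.TW
MSN.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
MSN.COM
"""

# A listing entry is a line holding one dotted host name and nothing else;
# banner lines contain spaces and are skipped.
NAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def classify_listing(query, whois_text):
    """Split a whois name listing into the exact record and lookalikes.

    'lookalike' entries begin with the queried domain but continue with
    further labels, so they live under someone else's domain. Each is
    returned as (name, trailing_labels).
    """
    q = query.strip().rstrip(".").lower()
    result = {"exact": [], "lookalike": [], "other": []}
    for line in whois_text.splitlines():
        name = line.strip().rstrip(".").lower()
        if not NAME.match(name):
            continue
        if name == q:
            result["exact"].append(name)
        elif name.startswith(q + "."):
            result["lookalike"].append((name, name[len(q) + 1:]))
        else:
            result["other"].append(name)
    return result


if __name__ == "__main__":
    found = classify_listing("msn.com", SAMPLE)
    print("exact record:", found["exact"])
    for name, tail in found["lookalike"]:
        print(f"prefix-only match: {name} (really under .{tail})")
```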
    
    
