[lacnog] Example of an attack on a "Whois" record? (the microsoft.com record)
Hugo Salgado
hsalgado at nic.cl
Fri Jun 17 13:58:32 BRT 2011
It's the problem that almost every whois server has its own
format :) In the case of .com, the authoritative one is
whois.verisign-grs.com, which by default searches for "matches". To
do an exact search you have to give it the "domain" prefix:
% whois -h whois.verisign-grs.com 'domain microsoft.com'
In the case of Fedora, jwhois is used, which correctly puts the
"domain " prefix before querying for a .com
Regards,
Hugo
On 06/17/2011 12:52 PM, Nicolas Antoniello wrote:
> ... a kind of "legal attack" on the Microsoft brand, which nobody
> checks because creating subdomains does not constitute an attack in itself. :)
>
>
> On Fri, Jun 17, 2011 at 13:38, Nicolas Antoniello <nantoniello at gmail.com> wrote:
>
> Dear all,
>
> Searching for the microsoft.com record in the
> whois database, from an Ubuntu whois client, we get the following
> response... let's see what you think?
>
>
> root@nyquist:~# whois microsoft.com
>
> Whois Server Version 2.0
>
> Domain names in the .com and .net domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> Server Name: MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
> IP Address: 209.126.190.70
> Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
> Whois Server: whois.PublicDomainRegistry.com
> Referral URL: http://www.PublicDomainRegistry.com
>
> Server Name: MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZ.IM.ELITE.WANNABE.TOO.WWW.PLUS613.NET
> IP Address: 64.251.18.228
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ZZZZZZ.MORE.DETAILS.AT.WWW.BEYONDWHOIS.COM
> IP Address: 203.36.226.2
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> IP Address: 69.41.185.194
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
> IP Address: 217.107.217.167
> Registrar: DOMAINCONTEXT, INC.
> Whois Server: whois.domaincontext.com
> Referral URL: http://www.domaincontext.com
>
> Server Name: MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
> IP Address: 207.44.240.96
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
> IP Address: 216.127.80.46
> Registrar: ASCIO TECHNOLOGIES, INC.
> Whois Server: whois.ascio.com
> Referral URL: http://www.ascio.com
>
> Server Name: MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
> IP Address: 216.127.80.46
> Registrar: ASCIO TECHNOLOGIES, INC.
> Whois Server: whois.ascio.com
> Referral URL: http://www.ascio.com
>
> Server Name: MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM
> IP Address: 80.190.192.33
> Registrar: EPAG DOMAINSERVICES GMBH
> Whois Server: whois.enterprice.net
> Referral URL: http://www.enterprice.net
>
> Server Name: MICROSOFT.COM.TOTALLY.SUCKS.S3U.NET
> IP Address: 207.208.13.22
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
>
> Server Name: MICROSOFT.COM.SOFTWARE.IS.NOT.USED.AT.REG.RU
> Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> Whois Server: whois.melbourneit.com
> Referral URL: http://www.melbourneit.com
>
> Server Name: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
> IP Address: 65.160.248.13
> Registrar: GKG.NET, INC.
> Whois Server: whois.gkg.net
> Referral URL: http://www.gkg.net
>
> Server Name: MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.OHMYGODITBURNS.COM
> IP Address: 216.158.63.6
> Registrar: DOTSTER, INC.
> Whois Server: whois.dotster.com
> Referral URL: http://www.dotster.com
>
> Server Name: MICROSOFT.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> IP Address: 203.36.226.2
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.MATCHES.THIS.STRING.AT.KEYSIGNERS.COM
> IP Address: 85.10.240.254
> Registrar: HETZNER ONLINE AG
> Whois Server: whois.your-server.de
> Referral URL: http://www.hetzner.de
>
> Server Name: MICROSOFT.COM.MAKES.RICKARD.DRINK.SAMBUCA.0800CARRENTAL.COM
> IP Address: 209.85.135.106
> Registrar: KEY-SYSTEMS GMBH
> Whois Server: whois.rrpproxy.net
> Referral URL: http://www.key-systems.net
>
> Server Name: MICROSOFT.COM.LOVES.ME.KOSMAL.NET
> IP Address: 65.75.198.123
> Registrar: GODADDY.COM, INC.
> Whois Server: whois.godaddy.com
> Referral URL: http://registrar.godaddy.com
>
> Server Name: MICROSOFT.COM.LIVES.AT.SHAUNEWING.COM
> IP Address: 216.40.250.172
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
>
> Server Name: MICROSOFT.COM.IS.NOT.YEPPA.ORG
> Registrar: OVH
> Whois Server: whois.ovh.com
> Referral URL: http://www.ovh.com
>
> Server Name: MICROSOFT.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
> IP Address: 217.148.161.5
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
>
> Server Name: MICROSOFT.COM.IS.IN.BED.WITH.CURTYV.COM
> IP Address: 216.55.187.193
> Registrar: ABACUS AMERICA, INC.
> Whois Server: whois.names4ever.com
> Referral URL: http://www.names4ever.com / srs.register.com
>
> Server Name: MICROSOFT.COM.IS.HOSTED.ON.PROFITHOSTING.NET
> IP Address: 66.49.213.213
> Registrar: NAME.COM LLC
> Whois Server: whois.name.com
> Referral URL: http://www.name.com
>
> Server Name: MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
> IP Address: 63.99.165.11
> Registrar: 1 & 1 INTERNET AG
> Whois Server: whois.schlund.info
> Referral URL: http://REGISTRAR.SCHLUND.INFO
>
> Server Name: MICROSOFT.COM.IS.A.MESS.TIMPORTER.CO.UK
> Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> Whois Server: whois.melbourneit.com
> Referral URL: http://www.melbourneit.com
>
> Server Name: MICROSOFT.COM.HAS.A.PRESENT.COMING.FROM.HUGHESMISSILES.COM
> IP Address: 66.154.11.27
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
> IP Address: 130.58.82.232
> Registrar: CPS-DATENSYSTEME GMBH
> Whois Server: whois.cps-datensysteme.de
> Referral URL: http://www.cps-datensysteme.de
>
> Server Name: MICROSOFT.COM.CAN.GO.FUCK.ITSELF.AT.SECZY.COM
> IP Address: 209.187.114.147
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ARE.GODDAMN.PIGFUCKERS.NET.NS-NOT-IN-SERVICE.COM
> IP Address: 216.127.80.46
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Domain Name: MICROSOFT.COM
> Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> Whois Server: whois.melbourneit.com
> Referral URL: http://www.melbourneit.com
> Name Server: NS1.MSFT.NET
> Name Server: NS2.MSFT.NET
> Name Server: NS3.MSFT.NET
> Name Server: NS4.MSFT.NET
> Name Server: NS5.MSFT.NET
> Status: clientTransferProhibited
> Status: serverDeleteProhibited
> Status: serverTransferProhibited
> Status: serverUpdateProhibited
> Updated Date: 14-sep-2010
> Creation Date: 02-may-1991
> Expiration Date: 03-may-2015
>
> >>> Last update of whois database: Fri, 17 Jun 2011 16:27:27 UTC <<<
>
> NOTICE: The expiration date displayed in this record is the date the
> registrar's sponsorship of the domain name registration in the
> registry is
> currently set to expire. This date does not necessarily reflect the
> expiration
> date of the domain name registrant's agreement with the sponsoring
> registrar. Users may consult the sponsoring registrar's Whois
> database to
> view the registrar's reported date of expiration for this registration.
>
> TERMS OF USE: You are not authorized to access or query our Whois
> database through the use of electronic processes that are
> high-volume and
> automated except as reasonably necessary to register domain names or
> modify existing registrations; the Data in VeriSign Global Registry
> Services' ("VeriSign") Whois database is provided by VeriSign for
> information purposes only, and to assist persons in obtaining
> information
> about or related to a domain name registration record. VeriSign does
> not
> guarantee its accuracy. By submitting a Whois query, you agree to abide
> by the following terms of use: You agree that you may use this Data
> only
> for lawful purposes and that under no circumstances will you use
> this Data
> to: (1) allow, enable, or otherwise support the transmission of mass
> unsolicited, commercial advertising or solicitations via e-mail,
> telephone,
> or facsimile; or (2) enable high volume, automated, electronic
> processes
> that apply to VeriSign (or its computer systems). The compilation,
> repackaging, dissemination or other use of this Data is expressly
> prohibited without the prior written consent of VeriSign. You agree
> not to
> use electronic processes that are automated and high-volume to
> access or
> query the Whois database except as reasonably necessary to register
> domain names or modify existing registrations. VeriSign reserves the
> right
> to restrict your access to the Whois database in its sole discretion
> to ensure
> operational stability. VeriSign may restrict or terminate your
> access to the
> Whois database for failure to abide by these terms of use. VeriSign
> reserves the right to modify these terms at any time.
>
> The Registry database contains ONLY .COM, .NET, .EDU domains and
> Registrars.
>
> Domain Name.......... microsoft.com
> Creation Date........ 1991-05-02
> Registration Date.... 2009-10-06
> Expiry Date.......... 2015-05-04
> Organisation Name.... Microsoft Corporation
> Organisation Address. One Microsoft Way
> Organisation Address.
> Organisation Address. Redmond
> Organisation Address. 98052
> Organisation Address. WA
> Organisation Address. UNITED STATES
>
> Admin Name........... Administrator .
> Admin Address........ One Microsoft Way
> Admin Address........
> Admin Address........ Redmond
> Admin Address........ 98052
> Admin Address........ WA
> Admin Address........ UNITED STATES
> Admin Email.......... domains at microsoft.com
> Admin Phone.......... +1.4258828080
> Admin Fax............
>
> Tech Name............ Hostmaster .
> Tech Address......... One Microsoft Way
> Tech Address.........
> Tech Address......... Redmond
> Tech Address......... 98052
> Tech Address......... WA
> Tech Address......... UNITED STATES
> Tech Email........... msnhst at microsoft.com
> Tech Phone........... +1.4258828080
> Tech Fax.............
> Name Server.......... NS2.MSFT.NET
> Name Server.......... NS4.MSFT.NET
> Name Server.......... NS1.MSFT.NET
> Name Server.......... NS5.MSFT.NET
> Name Server.......... NS3.MSFT.NET
>
>
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
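Added example (not part of the original messages): a sketch of how a tool that consumes registry whois output can avoid being misled by the extra `Server Name` records discussed above, by sending the `domain ` prefix and by accepting only the `Domain Name` record that equals the queried name. The sample response, the example.com names and all function names are constructed for illustration.

```python
# Constructed sample, shaped like the registry response quoted in the thread.
SAMPLE = """\
Server Name: EXAMPLE.COM.IS.NOT.REALLY.EXAMPLE.NET
Registrar: EXAMPLE REGISTRAR ONE, INC.

Server Name: EXAMPLE.COM.MATCHES.THIS.STRING.EXAMPLE.ORG
Registrar: EXAMPLE REGISTRAR TWO, INC.

Domain Name: EXAMPLE.COM
Registrar: EXAMPLE REGISTRAR THREE, INC.
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""

def build_query(domain, exact=True):
    """Query line for whois.verisign-grs.com; 'domain ' asks for an exact match."""
    return (("domain " if exact else "") + domain).encode("ascii") + b"\r\n"

def naive_registrar(text):
    """What a careless parser does: trust the first 'Registrar:' line it sees."""
    for line in text.splitlines():
        if line.strip().startswith("Registrar:"):
            return line.split(":", 1)[1].strip()

def parse_records(text):
    """Split the response into records, each opened by Server/Domain Name."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:                      # blank or free-text line ends the record
            current = None
        elif key in ("Server Name", "Domain Name"):
            current = {"kind": key, "name": value.strip().upper(), "fields": {}}
            records.append(current)
        elif current is not None:
            current["fields"].setdefault(key, []).append(value.strip())
    return records

def exact_domain_record(text, domain):
    """Return only the 'Domain Name' record whose name equals the query."""
    wanted = domain.upper().rstrip(".")
    for rec in parse_records(text):
        if rec["kind"] == "Domain Name" and rec["name"] == wanted:
            return rec

def lookalike_hosts(text, domain):
    """'Server Name' records that merely start with the queried name."""
    prefix = domain.upper().rstrip(".") + "."
    return [r["name"] for r in parse_records(text)
            if r["kind"] == "Server Name" and r["name"].startswith(prefix)]
```

On the constructed sample, `naive_registrar` returns the registrar of an unrelated record, while `exact_domain_record` returns the registrar and name servers of the domain itself.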