[LACNIC/Seguridad] Ejemplo de ataque a un registro "Whois"? (el registro de microsoft.com)
Nicolas Antoniello
nantoniello en gmail.com
Vie Jun 17 13:52:43 BRT 2011
... una especie de "ataque legal" a la marca Microsoft, que nadie chequea
pues crear subdominios no constituye un ataque en si mismo. :)
On Fri, Jun 17, 2011 at 13:38, Nicolas Antoniello <nantoniello en gmail.com>wrote:
> Estimados,
>
> Buscando el registro de microsoft.com en la base whois, desde un cliente
> whois de Ubuntu, obtenemos la sigueinte respuesta... a ver que les parece?
>
>
> root en nyquist:~# whois microsoft.com
>
> Whois Server Version 2.0
>
> Domain names in the .com and .net domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> Server Name:
> MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
> IP Address: 209.126.190.70
> Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A
> PUBLICDOMAINREGISTRY.COM
> Whois Server: whois.PublicDomainRegistry.com
> Referral URL: http://www.PublicDomainRegistry.com
>
> Server Name:
> MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZ.IM.ELITE.WANNABE.TOO.WWW.PLUS613.NET
> IP Address: 64.251.18.228
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ZZZZZZ.MORE.DETAILS.AT.WWW.BEYONDWHOIS.COM
> IP Address: 203.36.226.2
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> IP Address: 69.41.185.194
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
> IP Address: 217.107.217.167
> Registrar: DOMAINCONTEXT, INC.
> Whois Server: whois.domaincontext.com
> Referral URL: http://www.domaincontext.com
>
> Server Name: MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
> IP Address: 207.44.240.96
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name:
> MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
> IP Address: 216.127.80.46
> Registrar: ASCIO TECHNOLOGIES, INC.
> Whois Server: whois.ascio.com
> Referral URL: http://www.ascio.com
>
> Server Name: MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
> IP Address: 216.127.80.46
> Registrar: ASCIO TECHNOLOGIES, INC.
> Whois Server: whois.ascio.com
> Referral URL: http://www.ascio.com
>
> Server Name: MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM
> IP Address: 80.190.192.33
> Registrar: EPAG DOMAINSERVICES GMBH
> Whois Server: whois.enterprice.net
> Referral URL: http://www.enterprice.net
>
> Server Name: MICROSOFT.COM.TOTALLY.SUCKS.S3U.NET
> IP Address: 207.208.13.22
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
>
> Server Name: MICROSOFT.COM.SOFTWARE.IS.NOT.USED.AT.REG.RU
> Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> Whois Server: whois.melbourneit.com
> Referral URL: http://www.melbourneit.com
>
> Server Name: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
> IP Address: 65.160.248.13
> Registrar: GKG.NET, INC.
> Whois Server: whois.gkg.net
> Referral URL: http://www.gkg.net
>
> Server Name: MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.OHMYGODITBURNS.COM
> IP Address: 216.158.63.6
> Registrar: DOTSTER, INC.
> Whois Server: whois.dotster.com
> Referral URL: http://www.dotster.com
>
> Server Name: MICROSOFT.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> IP Address: 203.36.226.2
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.MATCHES.THIS.STRING.AT.KEYSIGNERS.COM
> IP Address: 85.10.240.254
> Registrar: HETZNER ONLINE AG
> Whois Server: whois.your-server.de
> Referral URL: http://www.hetzner.de
>
> Server Name:
> MICROSOFT.COM.MAKES.RICKARD.DRINK.SAMBUCA.0800CARRENTAL.COM
> IP Address: 209.85.135.106
> Registrar: KEY-SYSTEMS GMBH
> Whois Server: whois.rrpproxy.net
> Referral URL: http://www.key-systems.net
>
> Server Name: MICROSOFT.COM.LOVES.ME.KOSMAL.NET
> IP Address: 65.75.198.123
> Registrar: GODADDY.COM, INC.
> Whois Server: whois.godaddy.com
> Referral URL: http://registrar.godaddy.com
>
> Server Name: MICROSOFT.COM.LIVES.AT.SHAUNEWING.COM
> IP Address: 216.40.250.172
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
>
> Server Name: MICROSOFT.COM.IS.NOT.YEPPA.ORG
> Registrar: OVH
> Whois Server: whois.ovh.com
> Referral URL: http://www.ovh.com
>
> Server Name: MICROSOFT.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
> IP Address: 217.148.161.5
> Registrar: ENOM, INC.
> Whois Server: whois.enom.com
> Referral URL: http://www.enom.com
>
> Server Name: MICROSOFT.COM.IS.IN.BED.WITH.CURTYV.COM
> IP Address: 216.55.187.193
> Registrar: ABACUS AMERICA, INC.
> Whois Server: whois.names4ever.com
> Referral URL: http://www.names4ever.com / srs.register.com
>
> Server Name: MICROSOFT.COM.IS.HOSTED.ON.PROFITHOSTING.NET
> IP Address: 66.49.213.213
> Registrar: NAME.COM LLC
> Whois Server: whois.name.com
> Referral URL: http://www.name.com
>
> Server Name: MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
> IP Address: 63.99.165.11
> Registrar: 1 & 1 INTERNET AG
> Whois Server: whois.schlund.info
> Referral URL: http://REGISTRAR.SCHLUND.INFO
>
> Server Name: MICROSOFT.COM.IS.A.MESS.TIMPORTER.CO.UK
> Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> Whois Server: whois.melbourneit.com
> Referral URL: http://www.melbourneit.com
>
> Server Name: MICROSOFT.COM.HAS.A.PRESENT.COMING.FROM.HUGHESMISSILES.COM
> IP Address: 66.154.11.27
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name: MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
> IP Address: 130.58.82.232
> Registrar: CPS-DATENSYSTEME GMBH
> Whois Server: whois.cps-datensysteme.de
> Referral URL: http://www.cps-datensysteme.de
>
> Server Name: MICROSOFT.COM.CAN.GO.FUCK.ITSELF.AT.SECZY.COM
> IP Address: 209.187.114.147
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Server Name:
> MICROSOFT.COM.ARE.GODDAMN.PIGFUCKERS.NET.NS-NOT-IN-SERVICE.COM
> IP Address: 216.127.80.46
> Registrar: TUCOWS.COM CO.
> Whois Server: whois.tucows.com
> Referral URL: http://domainhelp.opensrs.net
>
> Domain Name: MICROSOFT.COM
> Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
> Whois Server: whois.melbourneit.com
> Referral URL: http://www.melbourneit.com
> Name Server: NS1.MSFT.NET
> Name Server: NS2.MSFT.NET
> Name Server: NS3.MSFT.NET
> Name Server: NS4.MSFT.NET
> Name Server: NS5.MSFT.NET
> Status: clientTransferProhibited
> Status: serverDeleteProhibited
> Status: serverTransferProhibited
> Status: serverUpdateProhibited
> Updated Date: 14-sep-2010
> Creation Date: 02-may-1991
> Expiration Date: 03-may-2015
>
> >>> Last update of whois database: Fri, 17 Jun 2011 16:27:27 UTC <<<
>
> NOTICE: The expiration date displayed in this record is the date the
> registrar's sponsorship of the domain name registration in the registry is
> currently set to expire. This date does not necessarily reflect the
> expiration
> date of the domain name registrant's agreement with the sponsoring
> registrar. Users may consult the sponsoring registrar's Whois database to
> view the registrar's reported date of expiration for this registration.
>
> TERMS OF USE: You are not authorized to access or query our Whois
> database through the use of electronic processes that are high-volume and
> automated except as reasonably necessary to register domain names or
> modify existing registrations; the Data in VeriSign Global Registry
> Services' ("VeriSign") Whois database is provided by VeriSign for
> information purposes only, and to assist persons in obtaining information
> about or related to a domain name registration record. VeriSign does not
> guarantee its accuracy. By submitting a Whois query, you agree to abide
> by the following terms of use: You agree that you may use this Data only
> for lawful purposes and that under no circumstances will you use this Data
> to: (1) allow, enable, or otherwise support the transmission of mass
> unsolicited, commercial advertising or solicitations via e-mail, telephone,
>
> or facsimile; or (2) enable high volume, automated, electronic processes
> that apply to VeriSign (or its computer systems). The compilation,
> repackaging, dissemination or other use of this Data is expressly
> prohibited without the prior written consent of VeriSign. You agree not to
> use electronic processes that are automated and high-volume to access or
> query the Whois database except as reasonably necessary to register
> domain names or modify existing registrations. VeriSign reserves the right
> to restrict your access to the Whois database in its sole discretion to
> ensure
> operational stability. VeriSign may restrict or terminate your access to
> the
> Whois database for failure to abide by these terms of use. VeriSign
> reserves the right to modify these terms at any time.
>
> The Registry database contains ONLY .COM, .NET, .EDU domains and
> Registrars.
>
> Domain Name.......... microsoft.com
> Creation Date........ 1991-05-02
> Registration Date.... 2009-10-06
> Expiry Date.......... 2015-05-04
> Organisation Name.... Microsoft Corporation
> Organisation Address. One Microsoft Way
> Organisation Address.
> Organisation Address. Redmond
> Organisation Address. 98052
> Organisation Address. WA
> Organisation Address. UNITED STATES
>
> Admin Name........... Administrator .
> Admin Address........ One Microsoft Way
> Admin Address........
> Admin Address........ Redmond
> Admin Address........ 98052
> Admin Address........ WA
> Admin Address........ UNITED STATES
> Admin Email.......... domains en microsoft.com
> Admin Phone.......... +1.4258828080
> Admin Fax............
>
> Tech Name............ Hostmaster .
> Tech Address......... One Microsoft Way
> Tech Address.........
> Tech Address......... Redmond
> Tech Address......... 98052
> Tech Address......... WA
> Tech Address......... UNITED STATES
> Tech Email........... msnhst en microsoft.com
> Tech Phone........... +1.4258828080
> Tech Fax.............
> Name Server.......... NS2.MSFT.NET
> Name Server.......... NS4.MSFT.NET
> Name Server.......... NS1.MSFT.NET
> Name Server.......... NS5.MSFT.NET
> Name Server.......... NS3.MSFT.NET
>
>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20110617/0f488ff0/attachment.html>
Más información sobre la lista de distribución Seguridad