Re: [Fwd: zone transfers, a spammer's dream?]
On Tue, 14 Dec 2004, Stephane Bortzmeyer wrote:

> > 171 uk.zone
>
> Everything is in subdomains like co.uk, so there is no point in
> blocking zone transfers for the TLD.

For the same reason, it is perfectly normal to

    $ dig @.root-servers.net. . axfr

--
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
RE: [Fwd: zone transfers, a spammer's dream?]
www.bl.uk?

Matt.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephane Bortzmeyer
Sent: 14 December 2004 09:52
To: Gadi Evron
Cc: nanog list
Subject: Re: [Fwd: zone transfers, a spammer's dream?]

On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron <[EMAIL PROTECTED]> wrote a message of 174 lines which said:

> 171 uk.zone

Everything is in subdomains like co.uk, so there is no point in blocking zone transfers for the TLD.
RE: [Fwd: zone transfers, a spammer's dream?]
--On 14 December 2004 10:17 + Matt Ryan <[EMAIL PROTECTED]> wrote:

>> 171 uk.zone
>
> www.bl.uk?

All bar the 171 lines :-) (.uk itself contains some legacy including bl.uk, govt.uk etc.).

Alex
Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron <[EMAIL PROTECTED]> wrote a message of 174 lines which said:

> 171 uk.zone

Everything is in subdomains like co.uk, so there is no point in blocking zone transfers for the TLD.
Re: [Fwd: zone transfers, a spammer's dream?]
--On 11 December 2004 11:22 +0100 Florian Weimer <[EMAIL PROTECTED]> wrote:

>> They clearly don't "already have" this information, or they wouldn't be
>> a) offering to pay people for it
>> b) continue to be trying to obtain it by data mining.
>
> It looks as if Paul Vaulksner obtained a list of .UK domains. He's no
> longer asking for it in this regular spam message...

Or he's decided not to proceed for whatever reason. Perhaps he read:

  http://tinyurl.com/6datz
  http://tinyurl.com/6p9pt
  http://tinyurl.com/6sv4p
  http://tinyurl.com/5r9nu

etc. and decided not to bother.

Alex
Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 04:59:33PM +, Alex Bligh wrote:

> They clearly don't "already have" this information, or they wouldn't
> be
> a) offering to pay people for it
> b) continue to be trying to obtain it by data mining.

Sure, some of "them" quite clearly don't. And so they're buying it from those who do, or acquiring it themselves. But lots of "them" have it, and have means to acquire updates to it when it suits them. This can't be surprising to anybody, given the amount of money being thrown around, the technical sophistication that's been displayed, and the usual assortment of security issues.

> Your argument [...]

It's not an argument. I'm just reporting the news.

Well, okay, I suppose I'm also arguing that there's no point in maintaining the pretense that registrars are keeping it all tucked away safe from [automated] prying eyes because it's obvious to everyone that *if* that was ever true, it stopped being true a long time ago. It's done. It's over. It's history. Any debate about how it _should_ have been kept tucked safe away has been rendered moot, and while it might still hold some philosophical interest, its practical value is nil.

> Note also that responsible registries do provide query access (automatable
> where necessary) to registration data in a variety of different ways;
> not all make it "as hard as possible" for others to access it.

I think it's time to abandon the charade and simply publish all of it -- one static web page per domain, refreshed when the backing info changes. That would at least level the playing field, and pull the rug out from under those who are selling it.

---Rsk
Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, 09 Dec 2004 18:46:32 +0100, Kandra Nygårds said:

> > IE sure, there's a lot of leaked information out there (often including
> > personal data), that doesn't mean responsible registries should add
> > to it.
>
> Such as... selling access to the data to anyone who pays? No,
> responsible registries should of course not do this.

It all depends on the registry's moral and ethical stance, and whether it feels more responsibility to the public trust, or responsibility to "maximize shareholder value". A large enough payment does wonders for shareholder value, and an incredible number of companies don't seem to feel any great need to benefit the public trust if not forced to do so.

And of course, even a not-large payment often suffices, especially if it involves a suitcase and maximizing an underpaid employee's value... ;)
Re: [Fwd: zone transfers, a spammer's dream?]
--On 09 December 2004 18:46 +0100 Kandra Nygårds <[EMAIL PROTECTED]> wrote:

>> IE sure, there's a lot of leaked information out there (often including
>> personal data), that doesn't mean responsible registries should add
>> to it.
>
> Such as... selling access to the data to anyone who pays? No,
> responsible registries should of course not do this.

Indeed. I wasn't suggesting they should.

Alex
Re: [Fwd: zone transfers, a spammer's dream?]
Alex Bligh wrote:

>> The irony of all this is that spammers already have all this information
>> -- yet registrars have gone out of their way to make it as difficult as
>> possible for everyone else to get it (rate-limiting queries and so on).
>
> They clearly don't "already have" this information, or they wouldn't be
> a) offering to pay people for it
> b) continue to be trying to obtain it by data mining.

There are lots of small-time spammers. Rest assured that the big fish already have access to most major zonefiles.

> Your argument is roughly equivalent to "The irony of this is that drug
> dealers already have drugs -- yet governments have gone out of their way
> to make it as difficult as possible for everyone else to get them". Or
> "Credit card fraudsters already have credit card numbers - yet credit
> card companies have gone out of their way to make it as difficult as
> possible for everyone else to get them".

Drugs are bad. Domains aren't. For a certain value of aren't.

Credit card numbers are all you need to commit fraud. Domains aren't. For a certain value of aren't.

> IE sure, there's a lot of leaked information out there (often including
> personal data), that doesn't mean responsible registries should add to it.

Such as... selling access to the data to anyone who pays? No, responsible registries should of course not do this.

- Kandra
Re: [Fwd: zone transfers, a spammer's dream?]
- Original Message -
From: "Alex Bligh" <[EMAIL PROTECTED]>
To: "Rich Kulawiec" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "Alex Bligh" <[EMAIL PROTECTED]>
Sent: Thursday, December 09, 2004 11:59 AM
Subject: Re: [Fwd: zone transfers, a spammer's dream?]

> --On 09 December 2004 10:24 -0500 Rich Kulawiec <[EMAIL PROTECTED]> wrote:
>
> > The irony of all this is that spammers already have all this information
> > -- yet registrars have gone out of their way to make it as difficult as
> > possible for everyone else to get it (rate-limiting queries and so on).
>
> They clearly don't "already have" this information, or they wouldn't

agreed. also of note is that at least from here, the .ca folks have fixed the issue.

-p
---
paul galynin
Re: [Fwd: zone transfers, a spammer's dream?]
--On 09 December 2004 10:24 -0500 Rich Kulawiec <[EMAIL PROTECTED]> wrote:

> The irony of all this is that spammers already have all this information
> -- yet registrars have gone out of their way to make it as difficult as
> possible for everyone else to get it (rate-limiting queries and so on).

They clearly don't "already have" this information, or they wouldn't be
a) offering to pay people for it
b) continue to be trying to obtain it by data mining.

Your argument is roughly equivalent to "The irony of this is that drug dealers already have drugs -- yet governments have gone out of their way to make it as difficult as possible for everyone else to get them". Or "Credit card fraudsters already have credit card numbers - yet credit card companies have gone out of their way to make it as difficult as possible for everyone else to get them".

IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it.

Note also that responsible registries do provide query access (automatable where necessary) to registration data in a variety of different ways; not all make it "as hard as possible" for others to access it. I will leave it to the reader's judgment to work out which registries come under the category "responsible".

Alex
Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron wrote:

> After a much too long introduction here come my questions: is this
> deliberate? I can understand that Chad has bigger things to worry about
> than 24 domains getting on yet another spam list, but why Canada makes
> nearly half a million domains as easy to grab as this really is a
> mystery to me.

It doesn't matter: that toothpaste came out of the tube a long time ago. Spammers have been buying and selling domain registration information for years, and anyone with cash-in-hand can buy as much of it as they want: either by TLD or by country or by category.

Here's just a tiny tip-of-the-iceberg sample of the hundreds (?) of buyers, sellers, and brokers for WHOIS data and tools to manipulate it:

  http://www.bestextractor.com/
  http://www.massmailsoftware.com/whois/
  http://lists.freebsd.org/pipermail/freebsd-chat/2004-January/001942.html
  http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00121.html
  http://www.sherpastore.com/store/page.cfm/2003

You can find as many more as you wish by using your favorite search engine to look for various combinations of

  extractor whois contact domain fresh leads market target email url

and then just following the links back to their sites. (If the sites are down, don't worry: they'll be back soon, maybe with a new domain, maybe on a new web host.)

How are they getting it? I don't know. Maybe they have deals with registrars; maybe they have deals with registrar employees; maybe they just breached registrar security. Or maybe something else entirely.

However they're getting it, they're getting updates: in fact, updated information carries higher market value. And anyone who is so foolish as to believe that their "private" (obfuscated, cloaked, whatever) domain registration information is *really* private is in for a rude awakening.

The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on).

---Rsk
[Fwd: zone transfers, a spammer's dream?]
--- Begin Message ---

Hello all,

while doing some experiments with dig using a .fm domain I made a small typo. Much to my surprise the whole fm zone was transferable by anyone. It's obvious this is a fabulous source for dictionary spammers who just mail to generic addresses at as many domains as they can possibly find. ([EMAIL PROTECTED], [EMAIL PROTECTED], ...)

Intrigued by the .fm zone, I did a quick scan to see which other top level domains allowed zone transfers. It was no surprise to me that some small zones of developing countries were open, but one top level domain immediately caught my eye: getting the complete .ca zone (Canada), 48 Mb in total, serving 471.686 domains is as easy as doing 'dig axfr ca @ca01.cira.ca.'

Some zones weren't transferable at the master nameservers, but were transferable at slave servers.

Other publicly transferable zones: (quick and dirty count, divide by +/- 3 to get the number of domains, as this lists multiple name servers per domain)

wc -l *.zone
      432 ao.zone
     5050 ba.zone
       15 biz.et.zone
     4645 bo.zone
       45 bt.zone
      923 bw.zone
  1031788 ca.zone
       20 cf.zone
    11167 com.eg.zone
      208 com.er.zone
      377 com.ye.zone
      313 cv.zone
     5216 dj.zone
     3724 ec.zone
    51054 ee.zone
       36 eg.zone
       42 er.zone
       54 et.zone
    10063 fm.zone
      498 ga.zone
      482 gd.zone
     6829 ge.zone
      885 gp.zone
       27 gq.zone
    13622 gs.zone
       45 gu.zone
       31 gw.zone
      541 gy.zone
    16522 jm.zone
     2732 kg.zone
       76 kh.zone
       17 km.zone
     1467 kn.zone
      210 lc.zone
       36 mh.zone
       75 mp.zone
    22047 ms.zone
       69 mt.zone
     3697 museum.zone
     2013 mw.zone
      156 mz.zone
      264 na.zone
      732 org.eg.zone
      415 org.mt.zone
    26665 pk.zone
     4280 sm.zone
     3172 sn.zone
    17495 tc.zone
       38 td.zone
     1999 tp.zone
      171 uk.zone
       16 um.zone
       70 uy.zone
     2407 vc.zone
    15645 vg.zone
     3308 vu.zone
       61 ye.zone
      220 yu.zone

This does not include some second level domains like net.** and org.**, as my quick and dirty script didn't check these.

After a much too long introduction here come my questions: is this deliberate? I can understand that Chad has bigger things to worry about than 24 domains getting on yet another spam list, but why Canada makes nearly half a million domains as easy to grab as this really is a mystery to me.

What do you think?

Best regards,
Lode Vermeiren
[EMAIL PROTECTED]

--- End Message ---
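
An added example, not part of the original thread: the message above notes that some zones refused transfers at the master but allowed them at slave servers. The Python sketch below audits BIND-style named.conf text for zones whose effective allow-transfer is open; both configurations, the zone name and the addresses are constructed, and an absent allow-transfer is assumed to mean open (the default in older BIND 9 releases).

```python
import re

# Constructed sample configs (hypothetical names and documentation addresses).
PRIMARY = '''
options { directory "/var/named"; allow-transfer { none; }; };
zone "example.test" {
    type master; file "example.test.zone";
    allow-transfer { 192.0.2.53; };   // only the secondary may AXFR
};
'''
SECONDARY = '''
options { directory "/var/named"; };   // no global allow-transfer
zone "example.test" {
    type slave; file "example.test.bak";
    masters { 192.0.2.1; };
};
zone "." { type hint; file "root.hints"; };
'''

def _block(text, start):
    """Return the body of the first brace block at or after `start`."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def _acl(body):
    """Entries of an allow-transfer list in `body`, or None when absent."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_zones(conf, default_open=True):
    """Names of authoritative zones whose effective allow-transfer is open."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    opt = re.search(r"\boptions\s*\{", conf)
    global_acl = _acl(_block(conf, opt.start())) if opt else None
    found = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = _block(conf, m.start())
        if not re.search(r"\btype\s+(master|primary|slave|secondary)\b", body):
            continue  # hint and forward zones are never served by AXFR
        acl = _acl(body)
        acl = global_acl if acl is None else acl  # zone setting overrides global
        if (acl is None and default_open) or (acl and "any" in acl):
            found.append(m.group(1))
    return found
```

Run against each server's own configuration, the secondary is the one flagged here: open_zones(SECONDARY) reports "example.test" while open_zones(PRIMARY) reports nothing.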