[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: Matt <firstname.lastname@example.org>
- Subject: Re: Scanner
- From: Vicky Rode <email@example.com>
- Date: Thu, 31 Mar 2005 21:00:15 -0800
- Cc: firstname.lastname@example.org
- Delivered-to: mailing list email@example.com
- Delivered-to: moderator for firstname.lastname@example.org
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:organization:user-agent:x-accept-language:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:x-enigmail-supports:content-type:content-transfer-encoding; b=D0nMVTGcggXOXguE/uNFN2lh6/WiD1rL6N7W0+FVymO+8TM3XAE3+RZ+0Nb1kdfTUfsaT7kBLGw/J27pW9QHzzNpCyc0ml6dBRpSpDox3rRO4wUR6GGref+JQtKMKrOvMwzTEfINpLarQ+2OPSbQe3u64F4ZYGUJXQrMOuQAPS8=
- In-reply-to: <email@example.com>
- List-help: <mailto:firstname.lastname@example.org>
- List-id: <vuln-dev.list-id.securityfocus.com>
- List-post: <mailto:email@example.com>
- List-subscribe: <mailto:firstname.lastname@example.org>
- List-unsubscribe: <mailto:email@example.com>
- Mailing-list: contact firstname.lastname@example.org; run by ezmlm
- Organization: /dev/null
- References: <42266B80.email@example.com> <firstname.lastname@example.org> <42442FE9.email@example.com> <Pine.GSO.firstname.lastname@example.org> <42486AE2.email@example.com> <firstname.lastname@example.org>
- Reply-to: email@example.com
- User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
So let me get this straight...
So what you want to do is go through someone's SOA (Start of
Authority) and search for just keywords that you choose in order to
find all sites containing those keywords?
i just want to search for domain names similar to what netcraft is doing
but on locally downloaded zone files that will parse/match keywords such
as *sex.*, *hate*.*, *porn*.*...etc.
I don't think that's gonna happen. There's no way you're getting the
entire SOA for any registrar so that you can do that. You would be
100,000,000 times better setting up your own proxy firewall and
setting up a content filtering on it and use the same keywords to
prevent people from accessing those sites. If you wanted to, over
time, you could log the events of attempted traffic with those
keywords and the sites people are trying to go to in order to build
yourself a listing of prohibited sites and then drop the keyword
filtering, but your strongest option is to stay with a proxy with
trying to build this list for a content filtering product :-)
There's a reason why there are companies out there that make big money
doing this kind of filtering technique. Because it's not that simple
to do. Cosmin's idea is kinda close to a reasonable way to go out and
get addresses, but could take a long time of searching to pull down
every possibility (e.g. Google search Results 1 - 10 of about
76,800,000 for inurl:porn. (0.12 seconds)). Good luck reading all 76
i wish i could *grin*, but i can only hit up to 1000 sites even though
it says 990,000 sites. just wondering whether having an engine sitting
locally (such as google) will help overcome this limit besides other
features it offers.
Just my .02
On Mon, 28 Mar 2005 12:36:50 -0800, Vicky Rode <firstname.lastname@example.org> wrote:
We've already looked at netcarft and it has been partially helpful.
What I'm looking at doing (besides data that I receive via peering) is
searching via keywords through sync'd dns zonefiles and parse the output
to a filter database something similar to update file if you will.
This is being done as a home-grown solution.
J. Oquendo wrote:
Actually Vicky, you're quite wrong. I'm sure this will be what you
speficied more or less. Netcratft's search DNS
However, I think it only finds sites that have either been checked on
Netcraft, or perhaps sites that have been queried or something. Not sure
of the parameters behind how they obtain the information.
On Fri, 25 Mar 2005, Vicky Rode wrote:
absolutely NOT but in fact to search for offending sites (porn,
call-home..etc) to be blocked at our filtering appliance.
Alexander Chamandy wrote:
On Wed, 02 Mar 2005 17:42:24 -0800, Vicky Rode <email@example.com> wrote:
Just wondering if there is any way I could use a scanner (I have a home
grown script for this) that would go thru the DNS registries from some
public source, scan for keywords in the domain name.
Will appreciate if someone can point me in the right direction.
You mean to scan whois records for particular domains for keywords in
the registration information or scan the registry for domain names
with certain keywords? This wouldn't be used for gathering
information such as e-mail addresses to spam, would it?
GPG Key ID 0x0D99C05C
sil @ infiltrated . net http://www.infiltrated.net
"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey