expedia.msn.com does not resolve
Brad Knowles
brad.knowles at skynet.be
Wed Aug 15 23:44:51 UTC 2001
At 12:58 AM +0200 8/16/01, Brad Knowles wrote:
> The thing I find so amusing is that Microsoft apparently blocks
> TCP port 53 queries to at least some of their nameservers (if not all
> of them).
Interesting:
% dig @a.gtld-servers.net. microsoft.com. ns
; <<>> DiG 9.1.2 <<>> @a.gtld-servers.net. microsoft.com. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48554
;; flags: qr rd; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 12
;; QUESTION SECTION:
;microsoft.com. IN NS
;; ANSWER SECTION:
microsoft.com. 172800 IN NS DNS2.DC.MSFT.NET.
microsoft.com. 172800 IN NS DNS1.SJ.MSFT.NET.
microsoft.com. 172800 IN NS DNS2.SJ.MSFT.NET.
microsoft.com. 172800 IN NS DNS2.CP.MSFT.NET.
microsoft.com. 172800 IN NS DNS1.CP.MSFT.NET.
microsoft.com. 172800 IN NS DNS1.TK.MSFT.NET.
microsoft.com. 172800 IN NS DNS2.TK.MSFT.NET.
microsoft.com. 172800 IN NS DNS3.UK.MSFT.NET.
microsoft.com. 172800 IN NS DNS4.UK.MSFT.NET.
microsoft.com. 172800 IN NS DNS3.JP.MSFT.NET.
microsoft.com. 172800 IN NS DNS4.JP.MSFT.NET.
microsoft.com. 172800 IN NS DNS1.DC.MSFT.NET.
;; ADDITIONAL SECTION:
DNS2.DC.MSFT.NET. 172800 IN A 207.68.128.152
DNS1.SJ.MSFT.NET. 172800 IN A 207.46.97.11
DNS2.SJ.MSFT.NET. 172800 IN A 207.46.97.12
DNS2.CP.MSFT.NET. 172800 IN A 207.46.138.21
DNS1.CP.MSFT.NET. 172800 IN A 207.46.138.20
DNS1.TK.MSFT.NET. 172800 IN A 207.46.232.37
DNS2.TK.MSFT.NET. 172800 IN A 207.46.232.38
DNS3.UK.MSFT.NET. 172800 IN A 213.199.144.151
DNS4.UK.MSFT.NET. 172800 IN A 213.199.144.152
DNS3.JP.MSFT.NET. 172800 IN A 207.46.72.123
DNS4.JP.MSFT.NET. 172800 IN A 207.46.72.124
DNS1.DC.MSFT.NET. 172800 IN A 207.68.128.151
;; Query time: 8 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net.)
;; WHEN: Wed Aug 15 19:30:23 2001
;; MSG SIZE rcvd: 477
% nmap -sT -F -P0 DNS2.tk.msft.net.
The TCP connect scan took 469 seconds to scan 1062 ports.
Interesting ports on dns2.tk.msft.net (207.46.232.38):
(The 1055 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
111/tcp open sunrpc
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
1031/tcp open iad2
Final times for host: srtt: 77582 rttvar: 393 to: 300000
Nmap run completed -- 1 IP address (1 host up) scanned in 470 seconds
% nmap -sT -F -P0 DNS1.tk.msft.net.
The TCP connect scan took 480 seconds to scan 1062 ports.
Interesting ports on dns1.tk.msft.net (207.46.232.37):
(The 1055 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
111/tcp open sunrpc
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
1031/tcp open iad2
Final times for host: srtt: 77210 rttvar: 348 to: 300000
Nmap run completed -- 1 IP address (1 host up) scanned in 480 seconds
Nevertheless, DNS queries using TCP never seem to go through to
even these two machines.

If these are machines running a MickeySoft OS, it seems to me
that the fact they have ports 135 & 139 open means that they are ripe
to be easily "0wn3d" by some NetBIOS-hacking "sKr1pt K1dd13".

However, they appear to have "protected" themselves against Code
Red (and Code Red II) on the other machines by denying all TCP
traffic of any sort:
% nmap -sT -F -P0 DNS1.CP.MSFT.NET.
The TCP connect scan took 1311 seconds to scan 1062 ports.
All 1062 scanned ports on dns1.cp.msft.net (207.46.138.20) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1311 seconds
% nmap -sT -F -P0 DNS2.CP.MSFT.NET.
The TCP connect scan took 1333 seconds to scan 1062 ports.
All 1062 scanned ports on dns2.cp.msft.net (207.46.138.21) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1333 seconds
% nmap -sT -F -P0 DNS1.dc.msft.net.
The TCP connect scan took 1323 seconds to scan 1062 ports.
All 1062 scanned ports on dns1.dc.msft.net (207.68.128.151) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1323 seconds
% nmap -sT -F -P0 DNS2.dc.msft.net.
The TCP connect scan took 1293 seconds to scan 1062 ports.
All 1062 scanned ports on dns2.dc.msft.net (207.68.128.152) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1293 seconds
% nmap -sT -F -P0 DNS1.jp.msft.net.
The TCP connect scan took 1255 seconds to scan 1062 ports.
All 1062 scanned ports on dns1.jp.msft.net (207.46.72.121) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1256 seconds
% nmap -sT -F -P0 DNS2.jp.msft.net.
The TCP connect scan took 1337 seconds to scan 1062 ports.
All 1062 scanned ports on dns2.jp.msft.net (207.46.72.122) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1337 seconds
% nmap -sT -F -P0 DNS3.uk.msft.net.
The TCP connect scan took 1319 seconds to scan 1062 ports.
All 1062 scanned ports on dns3.uk.msft.net (213.199.144.151) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1319 seconds
% nmap -sT -F -P0 DNS4.uk.msft.net.
The TCP connect scan took 1328 seconds to scan 1062 ports.
All 1062 scanned ports on dns4.uk.msft.net (213.199.144.152) are: filtered
Final times for host: srtt: -1 rttvar: -1 to: 6000000
Nmap run completed -- 1 IP address (1 host up) scanned in 1328 seconds
But these two are kind of interesting:
% nmap -sT -F -P0 DNS1.sj.msft.net.
The TCP connect scan took 551 seconds to scan 1062 ports.
Interesting ports on dns1.sj.msft.net (207.46.97.11):
(The 1060 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp closed http
443/tcp closed https
Final times for host: srtt: 72507 rttvar: 54717 to: 300000
Nmap run completed -- 1 IP address (1 host up) scanned in 551 seconds
% nmap -sT -F -P0 DNS2.sj.msft.net.
The TCP connect scan took 573 seconds to scan 1062 ports.
Interesting ports on dns2.sj.msft.net (207.46.97.12):
(The 1060 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp closed http
443/tcp closed https
Final times for host: srtt: 71821 rttvar: 54066 to: 300000
Nmap run completed -- 1 IP address (1 host up) scanned in 573 seconds
--
Brad Knowles, <brad.knowles at skynet.be>
More information about the bind-users
mailing list
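
Added example, not part of the original post: the message distinguishes a nameserver whose TCP port 53 accepts connections from one that actually answers DNS queries over TCP, and this sketch shows how an operator could make that distinction for their own authoritative servers. The function names, the query ID and the default query name are assumptions chosen for illustration.

```python
# Illustrative helper names and values; not code from the original post.
import socket
import struct

def build_query(name, qtype=2, qid=0x1234):
    """Build a minimal DNS query (default QTYPE 2 = NS, class IN, RD clear)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def _recv_exact(sock, n):
    """Read exactly n bytes, or return None if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def check_tcp_dns(host, port=53, name="example.com", timeout=5.0):
    """Classify how a server treats a DNS query sent over TCP.

    Returns "answered", "no-reply" (handshake completed but no DNS
    response came back), "refused" (connection reset, port closed) or
    "filtered" (connect timed out or host unreachable).
    """
    query = build_query(name)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, OSError):
        return "filtered"
    with sock:
        try:
            # DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2).
            sock.sendall(struct.pack("!H", len(query)) + query)
            prefix = _recv_exact(sock, 2)
            reply = _recv_exact(sock, struct.unpack("!H", prefix)[0]) if prefix else None
        except (socket.timeout, OSError):
            return "no-reply"
    if not reply or len(reply) < 12:
        return "no-reply"
    rid, flags = struct.unpack("!HH", reply[:4])
    # A valid response echoes our query ID and has the QR bit set.
    return "answered" if rid == 0x1234 and flags & 0x8000 else "no-reply"
```

A "no-reply" result corresponds to the case described in the post, where 53/tcp shows as open but queries over TCP never get a response.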