RE: zone transfers, a spammer's dream?
I've forwarded this to CIRA (the .ca registry) and I've been told that this
has been fixed.
Regards,
Marcin Pacyna
-----Original Message-----
From: Lode Vermeiren [mailto:lode@xxxxxxx]
Sent: December 7, 2004 5:39 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: zone transfers, a spammer's dream?
Hello all,
while doing some experiments with dig using a .fm domain I made a small
typo. Much to my surprise the whole fm zone was transferable by anyone.
It's obvious this is a fabulous source for dictionary spammers who just
mail to generic addresses at as much domains as they can possibly find.
(info@xxxxxxxxxxx, sales@xxxxxxxxxxx, ...)
Intrigued by the .fm zone, I did a quick scan to see which other top
level domains allowed zone transfers. It was no surprise to me that some
small zones of developing countries were open, but one top level domain
immediately caught my eye: getting the complete .ca zone (Canada), 48 Mb
in total, serving 471.686 domains is as easy as doing 'dig axfr ca
@ca01.cira.ca.'
Some zones weren't transferable at the master nameservers, but were
transferable at slave servers.
Other publicly transferable zones: (quick and dirty count, divide by +/-
3 to get the number of domains, as this lists multiple name servers per
domain)
wc -l *.zone
432 ao.zone
5050 ba.zone
15 biz.et.zone
4645 bo.zone
45 bt.zone
923 bw.zone
1031788 ca.zone
20 cf.zone
11167 com.eg.zone
208 com.er.zone
377 com.ye.zone
313 cv.zone
5216 dj.zone
3724 ec.zone
51054 ee.zone
36 eg.zone
42 er.zone
54 et.zone
10063 fm.zone
498 ga.zone
482 gd.zone
6829 ge.zone
885 gp.zone
27 gq.zone
13622 gs.zone
45 gu.zone
31 gw.zone
541 gy.zone
16522 jm.zone
2732 kg.zone
76 kh.zone
17 km.zone
1467 kn.zone
210 lc.zone
36 mh.zone
75 mp.zone
22047 ms.zone
69 mt.zone
3697 museum.zone
2013 mw.zone
156 mz.zone
264 na.zone
732 org.eg.zone
415 org.mt.zone
26665 pk.zone
4280 sm.zone
3172 sn.zone
17495 tc.zone
38 td.zone
1999 tp.zone
171 uk.zone
16 um.zone
70 uy.zone
2407 vc.zone
15645 vg.zone
3308 vu.zone
61 ye.zone
220 yu.zone
This does not include some second level domains like net.** and org.**,
as my quick and dirty script didn't check these.
After a much too long introduction here comes my questions: is this
deliberate? I can understand that Chad has bigger things to worry about
than 24 domains getting on yet another spam list, but why Canada makes
nearly half a million domains as easy to grab as this really is a
mystery to me.
What do you think?
Best regards,
Lode Vermeiren
__
lode@xxxxxxx