On Sun, Jun 09, 2002 at 10:45:18AM -0700, Brad Bemis wrote:
> Just a few ideas... There are several more advanced methods that could
> also be used, but they do not involve passive information gathering ;-)

Try whois to get the IP networks assigned to the target, then do PTR
lookups to gather host names in that zone, and finally forward lookups
on all names retrieved that way. Most of the time this should give you
~90% of all records in that zone (most notably, CNAMEs will fall through
the cracks).

Olaf
--
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okirat_private    |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann
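An added example, not part of the original post: an offline audit a zone owner can run over their own data to see which records the whois, PTR, then forward-lookup sequence described above would recover and which it would miss. The zone contents, the addresses (documentation ranges) and the function name `ptr_sweep_exposure` are constructed for illustration.

```python
import ipaddress

# Constructed sample data, standing in for the owner's own records.
ASSIGNED_NETS = ["192.0.2.0/28"]            # networks whois lists for the org
FORWARD_ZONE = {                             # name -> (record type, value)
    "www.example.com.": ("A", "192.0.2.1"),
    "mail.example.com.": ("A", "192.0.2.2"),
    "vpn.example.com.": ("A", "192.0.2.3"),
    "legacy.example.com.": ("A", "192.0.2.9"),
    "intranet.example.com.": ("CNAME", "www.example.com."),
    "shop.example.com.": ("A", "198.51.100.7"),   # hosted elsewhere
}
REVERSE_ZONE = {                             # address -> PTR target
    "192.0.2.1": "www.example.com.",
    "192.0.2.2": "mail.example.com.",
    "192.0.2.3": "vpn.example.com.",
    "192.0.2.9": "legacy.example.com.",
}

def ptr_sweep_exposure(nets, forward, reverse):
    """Return (recovered names, missed names with reason, coverage ratio)."""
    networks = [ipaddress.ip_network(n) for n in nets]
    recovered = set()
    for net in networks:
        for ip in net.hosts():
            name = reverse.get(str(ip))       # step 2: PTR lookup
            if name and name in forward:      # step 3: forward lookup confirms
                recovered.add(name)
    missed = {}
    for name, (rtype, value) in forward.items():
        if name in recovered:
            continue
        if rtype == "CNAME":
            missed[name] = "CNAME: no address of its own to reverse-map"
        elif not any(ipaddress.ip_address(value) in n for n in networks):
            missed[name] = "address outside the assigned networks"
        else:
            missed[name] = "no PTR record published"
    return recovered, missed, len(recovered) / len(forward)

if __name__ == "__main__":
    found, missed, ratio = ptr_sweep_exposure(ASSIGNED_NETS, FORWARD_ZONE, REVERSE_ZONE)
    print(f"recoverable via PTR sweep: {ratio:.0%}")
    for name, why in sorted(missed.items()):
        print(f"  not recoverable: {name} ({why})")
```

Names the audit lists as recoverable are visible to anyone who can query the reverse zone, so PTR records for hosts that should not be discoverable are the ones to review.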