
pimp16.198

Posted Jan 15, 1998
Authored by pimp

Topix discussed: Governmental Commentary by Luthor, Stash discusses DNS inside out, SecurIDs, how they are utilized. ALLTEL Bank network d0x; Recon d0x on how to find anyone.

tags | magazine
SHA-256 | 15c5e4e0690dab49caed6cee9f19bc19ce64990111b3c198ba93a72baf5eff3d

PIM.,PIMPIMPIMPI.      MPIM   IMPIMPIMPI,   .MPIMPIMPIMP MPI,.MPIMPIMPIM.
MPIMPIMPIMPIMPIM. PI IMPIMPIM PIMPIMPIM PIMPIMPIMPIMPIMP.
PIMPI 'MPIMPI PIMPIMPI MP IMPIM IMPIM `PIMPIM
PIMPI MPIMPI PIMPI. PIM PIMP IMP IMPIM PIMPI PIMPIM
MPIMP .IMPIMPI PIMPI PIM PIMPIMPI MPIMP PIMPI. ,MPIMPIM
MPIMPIMPIMPIMPI' MPIM IMP IMPIMP IMPIM PIMPIMPIMPIMPIM'
MPIMPIMPIMPIM' PIMP PIM PIMPIM PIMPI PIMPIMPIMPIMP'
PIMPI IMPI MPI MPIM PIMPI PIMPI
MPIMP MPIM MPI MPIM PIMPI MPIMP
IMPIM PIMP MPI MPIM PIMPI IMPIM
PIMPI IMPI MPI MPIM PIMPI PIMPI
MPIMP MPIM MPI MPIM PIMPI MPIMP
.IMPIMPI,. .PIMP. .MPIMP, IMP' IMPIMPI. .IMPIMPI,.
MPIMPIMPIMPIM IMPIMPIMP MPIMPIMP `IM PIMPIMPIMPI MPIMPIMPIMPI


| |
---+--------------------------------------+----
| ____ ____ _ _ ____ |
| /\ | |_ _| | \__/ | | /\ |
| \/_| _||_ | | | \/_| | |
|__| |____| |_|\/|_| |__| --+----------------+---
| | |
---+----------- PROBE INDUSTRIES MAGAZINE PHILES
| | ISSUE NUMBER 16
---+--- RELEASED: 01/98 |
| |
----------+-------------------------------+----
| |
|
--------+-----
|
with the new year, comes no phear.
get new issues and news from us via
our phat website!!

http://www.dope.org/pimp/

to join the PIMP mailing list, please email
pimp@dope.org and put the word subscribe in the
message body.
|
---------------+---
|

+---------------------------------------------------------------+
| p u b l i c l y d i s c l o s e d |
| a f f i l i a t e s |
+----------------+------------------+---------------------------+
| known as: | pimp domain | inpho |
+----------------+------------------+---------------------------+
| fringe | chicago | fringe@dope.org |
| stickman | chicago | apocapimpin' |
| subhuman | chicago | subhuman@dope.org |
| stash | chicago | stash@dope.org |
| insane lineman | chicago | lineman@dope.org |
| jello biafra | chicago | apocapimpin' |
| smokee | chicago | pimpin' |
| qball | chicago | pimpin' |
| special-k | germany | special-k@dope.org |
| luthor | maine | east coast HQ, pimpin' |
| -Q- | new york | pimpin' |
| silo | chicago | silo@dope.org |
| darkelf | chicago | darkelf@dope.org |
| mastermind | florida | pimpin' |
| jcgangster | ohio | pimpin' |
+----------------+------------------+---------------------------+

preface:

the magazine following is an electronic publication to help inform
society on details they may overlook in life, computers and
telephony they may not understand, and to broaden anyone and
everyone's knowledge. there is no blatantly illegal information
discussed here. there is knowledge and understanding..

knowledge is the power, the power to the people, the people
are the knowledge. everything is on a need to know basis for us.
we all need the want to know.


=====================================================================

T A B L E O F C O N T E N T S

I S S U E S I X T E E N

=====================================================================

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ + +
+ sekshun + a governmental commentary +
+ + +
+ + +
+ one + pimped fo you by luthor +
+ + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ + +
+ sekshun + SecurIDs discussed +
+ + ...proper use and utilization... +
+ + +
+ two + pimped fo you by fringe +
+ + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ + +
+ sekshun + a brief tutorial on ALLTEL bank systems +
+ + ...first in a possible series... +
+ + +
+ three + pimped fo you by stickman +
+ + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ + +
+ sekshun + a listing of companies that can get you dox on peoples +
+ + +
+ + +
+ four + pimped fo you by stickman +
+ + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ + +
+ sekshun + DNS (Domain Name System) discussed inside-out +
+ + +
+ + +
+ five + pimped fo you by stash +
+ + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ + +
+ sekshun + news topix for and about the scene +
+ + +
+ + +
+ six + -various sources- +
+ + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

S E C T I O N O N E

Governmental Commentary

pimped fo you by luthor

×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

----------------------------------------------------------------------

"When in the course of human events, it becomes necessary for one
people to dissolve the political bands which have connected them with
another, and to assume, among the powers of the earth, the separate
and equal station to which the laws of nature and nature's god entitle
them, a decent respect to the opinions of mankind requires that they
should declare the causes which impel them to the separation."

----------------------------------------------------------------------


This article is not a technical document, but more of an
opinionated view on government. Because PIMP is not just a technical
magazine writing group of people, but a group of people who write a
magazine to further inform the community of things going on around
them that aren't available in plain view. Since a lot of people are
negligent to view all sides of government I have decided to write
this.

If you look on the world wide web, bulletin boards, etc. you
will find everywhere something to do with "Anarchy". Most people
associate Anarchy with building bombs, anti-government, and utter-
chaos. This is just not true.

Another term that is used with Anarchy is Libertarianism. This is a
state of government where people make the best choices for themselves
based on the information provided to them from the general public, and
researched by themselves. It is because of this that Libertarians
stress education so much rather than stressing regulation.

If you were to ask me, regulation permits us to learn what we
need in order to make these decisions. The way I see it, the
government creates regulations that schools must abide by in order to
run and help its students "learn". These regulations create people
who are easier to control, therefore they get what they want easier.

The public must not only learn within these regulations, but
also on their own outside of the school system, by using resources
around them, such as PIMP publications, the world wide web, bulletin
boards, etc.

A while ago, I was doing some research for myself, and have
found that there is now an amendment (or one proposed) against burning
the flag, and there is also one against burning money. Now, If you
ask me, what does it matter to someone if I burn money which was
earned by me? What should it matter to people if I burn a piece of
cloth within the confines of my own home? It shouldn't. People will
always come back with saying "Burning the flag is unpatriotic". The
first amendment states that Congress shall make no law respecting an
establishment of religion or prohibiting the free exercise thereof; or
abridging the freedom of speech, or of the press; or the right of the
people to peacefully assemble, and to petition the government for a
redress of grievances. I find that burning the flag and/or money is
my freedom of speech, it just is not a spoken, or a written freedom of
speech.

Enough of this informational piece of text, look for more from me in
the future. And remember, they can't take away your freedom, nor your
liberty.

-luthor



* END SECTION 1 *


×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

S E C T I O N T W O

SecurID's discussed.
basic use and utilization.

pimped fo you by fringe

×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

----------

Background:

SecurID's are credit card-like security devices used by many large
corporations in order to verify user authentication when a user is
calling in to a proprietary computer system. These are approximately
the same size as a credit card and they have an lcd on them.

This is an overview of how they are utilized.

----------

communication settings

The following settings are required for the authentication server:
Parity None
Data bits 8
Stop bits 1
Duplex Half
Flow Control On


you will need a normal terminal program to call the system,
however a lot of corporations have specialized software for
mac's and pc's to make it more user friendly for their
employees.. you may have heard of appletalk software
and other such programs that are vastly used by corps..
these gui's can be helpful to have in case you
are having trouble "getting in". they usually have a few
scripts to run for this and that.. everything's point and
click... blah blah blah.. back to the issue at hand.

call the SecurID dial-up that you have.. and you do need this
in order to use the card.

CONNECT 14400

to activate it.. do the following if you can't get it to work
right off the bat:

when prompted for Username:, you need to type the correct login
that is used to activate that corp/company's card. most of them
use the account 'activate' without the 's of course.

at the login: prompt type your SecurID userid in lower case.
at the Enter PASSCODE prompt type the digits shown on the SecurID.
you will then be prompted to enter your PIN code;

- this will be your 4 to 8 digit Personal Identification Number
- only numbers can be used, without leading zeroes

you will then be prompted to confirm this number by re-entering it

you will be prompted to wait for the displayed number on your card to
change, then enter the PIN chosen above followed by the number
displayed on your SecurID card.

if you were successful, the following will be displayed:

*NOTICE*
Your SecurID card has been verified and turned on....
Please press enter to exit....
ACCEPTED


go ahead, press enter. You should get the following response:
Connection closed by foreign host (WOW!)

call back up to start a new normal good vibes session.

at the Username: prompt enter in the SecurID userid in lower case.

at the password prompt enter your PIN and SecurID card number
together, without anything between them (for example: 123456999999
where 123456 is your PIN and 999999 is da numba displayed on the card)

at this point, you will be at a terminal server prompt, and
from here on it depending on what corp/company you're in, there
are different things to do. nonetheless, at this point, you're
'in' the system hopefully successfully.

problem?
receiving message Access Denied when logging in with SecurID?

you probably entered the PASSCODE wrong
your card could have been clicked off due to 3 invalid logins in a row
your SecurID has become out of sync with the authentication server.
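
The passcode rules above, seen from the authentication server's side, as an added example that is not part of the original phile and not the vendor's code. The names Card, split_passcode and check_login are hypothetical, and the card's current number is passed in as expected_code rather than computed.

```python
import hmac
import re

MAX_FAILURES = 3     # "3 invalid logins in a row" turns the card off
TOKEN_DIGITS = 6     # the example passcode ends in a 6-digit card number
PIN_RE = re.compile(r"[1-9][0-9]{3,7}")   # 4 to 8 digits, no leading zero


def split_passcode(passcode):
    """Split PIN+card number typed with nothing between them.

    The card number has a fixed length, so the last TOKEN_DIGITS digits
    are the card number and everything before them is the PIN.
    Returns (pin, code) or None when the input cannot be a passcode.
    """
    if not re.fullmatch(r"[0-9]+", passcode) or len(passcode) <= TOKEN_DIGITS:
        return None
    pin, code = passcode[:-TOKEN_DIGITS], passcode[-TOKEN_DIGITS:]
    return (pin, code) if PIN_RE.fullmatch(pin) else None


class Card:
    """One enrolled card. The PIN is held in memory only to keep the
    model short (an assumption of this example)."""

    def __init__(self, userid, pin):
        if not PIN_RE.fullmatch(pin):
            raise ValueError("PIN must be 4 to 8 digits without a leading zero")
        self.userid = userid.lower()
        self.pin = pin
        self.failures = 0
        self.enabled = True


def check_login(card, passcode, expected_code):
    """Return (message shown to the caller, reason for the server log).

    The caller sees the same "Access Denied" for every failure; only the
    log tells a wrong PIN from a wrong card number from a disabled card.
    A card that has drifted out of sync looks like "bad-tokencode" here.
    """
    if not card.enabled:
        return "Access Denied", "card-disabled"
    parts = split_passcode(passcode)
    if parts is None:
        reason = "bad-format"
    else:
        pin, code = parts
        pin_ok = hmac.compare_digest(pin, card.pin)          # constant time
        code_ok = hmac.compare_digest(code, expected_code)
        if pin_ok and code_ok:
            card.failures = 0            # only consecutive failures count
            return "ACCEPTED", "ok"
        reason = "bad-pin" if not pin_ok else "bad-tokencode"
    card.failures += 1
    if card.failures >= MAX_FAILURES:
        card.enabled = False
        reason += "+card-disabled"
    return "Access Denied", reason


if __name__ == "__main__":
    card = Card("jdoe", "123456")        # constructed sample account
    for attempt in ("123456999999", "123456000000", "0123999999"):
        print(attempt, check_login(card, attempt, "999999"))
```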

have fun.. some of the largest peoples using this include telco's..
and when their cards are found.. well they usually tend to leave all
the info with it.. telco people are slow like that.


* END SECTION 2 *


×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

S E C T I O N T H R E E

Welcome to the realm of computer banking.
I recently found my self with computer manuals
from a very large banking institution.

So as usual with tha pimps,
we decided to spread the knowledge.

-Stickman

×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×


NOTE:
this phile will give you a detailed listing of what you may
find in this system, and various commands users can use. This
file is not meant to help people infiltrate bank systems or
to steal. Very little detail of how to use the information
is given; but the manuals themselves gave very little inpho.

The following commands are for a banking system called ALLTEL.

When connecting to an ALLTEL system it will prompt you with:

PLEASE LOGON SYSTEM-A

type in the command: ATPX
press enter

here is the screen that will be displayed next

Userid: 13:44:55
Password: 10/06/97
New Password: CLH3065D
Transfer: 3278-2
SMRTCHIA


PF1 = HELP PF3 = Logoff



There are several different processing regions in the ALLTEL system.
The next screen will show you all of the regions you have access to.

TPX MENU FOR USERID:XXXXXX

TERMINAL: CLH3065D MODEL: 3278-2 SYSTEM: ATPX

CMD=PF24 MNU=PF22 JMP=PF23 /H FOR HELP


_ACICSX PFK 1 SYSTEMATICS PRODUCTION CICS
_ACICSA PFK 2 NON-SYSTEMATICS PRODUCTION CICS
_AIMS PFK 3 HOGAN PRODUCTION
_ATSO PFK 4 TSO ON PRODUCTION
_CCICS10 PFK 5 SYSTEMATICS TEST CICS
_ACICSG PFK SIMS SYSTEMATICS PRODUCTION
_CCICS1 PFK 6 TEST CICS1
_CCICS4 PFK CCICS4 MRO
_CCICMSC2 PFK TEST CICS MISCL2
_CTSO PFK TSO ON 9672C
_CMS PFK PROFS AT BANK OF MONTREAL
_AVCN52 PFK PROFS AT BANK OF MONTREAL
_CCCTRNX PFK SYSTEMATICS XGN TRAINING
_CCICMSC3 PFK SYSTEMATICS XGN APPLICATION

Command=
PFK USAGE 7/19=UP 8/20=DOWN 10/22=LEFT 11/23=RIGHT

You can page through the selections, however you
need to place an S in front of the system you wish
to access.

F12 will always take you back to the previous screen
F8 to page down
F7 to page back up

Note: If you hit F12 too many times the screen will go blank
and you need to type CESF LOGOFF to exit and re-enter the system.

-----------------------------------
All customer service screen commands start with RM:

RMLP use to locate a customer when uncertain of exact name
RMAB listing of all customers accounts and their relationship to each
account
RMRB shows account holders and signers
RMNB shows previous and current names used on the cis record
RMMB shows previous and current names used on the cis record
RMDB list ytd average balances on all deposit accounts
RMBC shows cardholders name, ATM card number, and accounts linked to
card
RMI1 shows cardholders name, address, phone number, social security
number and DoB
RMI2/RMLM shows file maintenance history on the cis record
RMI4 shows customers total assets and liabilities with band from
a customer perspective
RMID shows total number of deposit accounts with ledger available
balances given
RMIL shows total number of loans with balances available credit given


-----------------------------------
CIS screens


COMMAND WHAT YOU WILL SEE

RMC1 name, address, ss#
RMC2 branch number
RMC3 drivers license number,
birthdate, maiden name, gender, spouse
RMC4 customer employment information
RMC5 commercial contact information
RMC8 remarks


-----------------------------------
IMPACS = CHECKING

IMPACS SCREEN COMMANDS


COMMAND WHAT YOU WILL SEE

IMI1-page 1 account information--- name, status, account type, tin
number, balance info
IMI1-page 2 check trunc 0 -= non-truncated, 1=truncated, branch,
officer, statement cycle, service charges, funding
flag, interest and tax info
IMI2 Previous 2 cycles and current Cycle Account History with select
criteria
IMI3 Current Cycle History information in statement format with
running balances
IMI4 Detailed Account Balance info - checking, holds, loans, and
savings trailer
IMI5 Stop/Hold and special instructions
IMI6 Overdraft Protection LOC info
IMI7 Savings Trailer info
IMI8 Average Collected Balance information specific to each checking
account with current month listed first
IMI0 Overdraft History information times = days

* END SECTION 3 *




×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

S E C T I O N F O U R


A listing of places that will help you pull d0x!

Trying to find someone? Got a name but no idea
where in the world they are. Well we have compiled
a list of agencies, firms, and public access spots
where you can find and locate almost anybody.

compiled fo you by stickman

×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×


Automated Name Index
PO BOX 813
Glendale, CA 91209

Data Check
P.O. Box 922169
Sylmar, CA 91392
(818) 783-DATA

J. Diliian Ross and Co.
PO Box 539
Pauma Valley, CA 92061
(619) 742-4273 [computer

Super Bureau Inc.
2600 Garden Road West 224
Monterey, CA 93940
(800)541-6821

UCC Network
185-A Commerce Circle
Sacramento, CA 95815
(916)929-4311

California Municipal Court Records (computer)
(800)332-7999 (7,E,1 login CISDEMO)

Search Unltd.
18010 Sky Park Circle
Suite 205
Irvine, CA 92714
(714) 474-1916

Court Record Consultants
17029 Devonshire St.
Suite 166
Northridge, CA
(818)366-1906

The Source
PO Box 88
Cookeville, TN 38503
(800)678-8774

Data Search
3600 American River Drive
Sacramento, CA 95864
(916)485-3282

Intelligence Network Inc.
PO Box 727
Clearwater, FL 34617
(813) 449-0072

APscreen (Bank account searches)
2043 Westcliff Dr.
Suite 300
Newport Beach, CA 92660
(714) 646 4003

Atlantic Int'l Associates
(207)761-5974

National Information Resource Service
P.O. Box 1021
Jackson, MI 49204
(517) 783-4545

Locate Unlt'd
(800)365-5622

DataQuick (Real Estate)
13160 Mindanao Way
Suite 240
Marina Del Rey, CA 90292
(213) 306-4295

AA Credit Info Services
4419 Cowan Road, Suite 201A
Tucker, GA 30084
(404) 621-0151

Farmer & Assoc.
16845 N. 29th Ave
Suite 1205
Phoenix, AZ 85023
(602)843-5216

DataFax (National Assoc. Of Investigative Specialists Inc.)
(512) 832-0355

CDB Infotek
701 S. Parker Ave.
Suite 4500
Orange, CA 92668
(714) 542-2727

DataTrac
P.O. Box 702
Port Coquitlam, B.C.
V3B 6H9, Canada
(604) 469-0114

Trans Union Credit Info
1561 E. Orangethorpe Ave
Fullerton, CA 92631
(213) 620-1355

* END SECTION 4 *


×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

S E C T I O N F I V E

DNS (Domain Name System) discussed inside-out

pimped fo you by stash

×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×


--- Foreword Dec 1997 stash@dope.org

While I have tried to make this paper as easy to understand as
possible, there are sections that are fairly descriptive. In other
words, this is a serious document. I have spared you from my opinion,
whenever possible, and just provided the facts. I'm not a certified
teacher, and I'm not particularly good at writing (at least I don't
think so.) So, I have tried to be very straightforward in my
explanations of everything. A few pieces of text are taken from other
publications, because I couldn't really think of a much better way to
say whatever it was.. For the examples, I have used real screen
captures, with some minor editing. Some of these hosts really exist,
some don't.. Use your imagination. Also, this is a fairly long paper,
but it is also fairly comprehensive. Let me know what you think.
Having said all that, let's get started...

--- What is DNS?

DNS (the Domain Name System) is a set of distributed databases
containing IP addresses and their corresponding domain names.
DNS, with servers located all over the internet, performs the
translation back and forth between names and numbers. This allows any
network address to be assigned a relatively easy-to-remember
alphanumeric name, instead of the numeric addressing scheme used
internally by TCP/IP networks. DNS was originally designed to replace
the /etc/hosts files on unix systems. Most often, DNS is used to
perform translation between host names and IP addresses. For example,
when you enter "www.theonion.com" into your web browser, your dialer
or TCP stack performs a dns query to obtain the numeric IP address of
the site. In most cases with internet providers, the client computer
is programmed with the IP address of the ISP's nameserver, which it
queries when it needs to translate an ip address.

BIND: BIND (Berkeley Internet Name Domain) is an implementation of
DNS, both client and server. Presently, you can find information on
the latest versions of BIND (Coordinated by Paul Vixie, programmer of
numerous other unix programs) at: http://www.vix.com/isc/bind -
Development of BIND is coordinated by the Internet Software
Consortium. BIND has been ported to Windows NT and VMS, although it
was originally designed for unix, and unix-based nameservers are still
dominant over servers based on other platforms. Most people, by this
point, should be using BIND 4.9.3 or later, and if you're not, it's not
a bad idea to upgrade. Older versions of BIND are now quite vulnerable
to ip spoofing and other nasty stuff.


The BIND program (you can assume i'm talking about BIND for unix
from now on) consists of a nameserver program, a boot file, and
database files. There are db files for hostname-to-address translation
( db.DOMAIN ), and db files for address-to-hostname translation
( db.ADDR ). The boot file contains information for which domains to
answer queries for, as well as telling the nameserver where the
database and cache files are located. For servers that act as
secondary nameservers for a domain, the boot file specifies the
address of the primary server as well as the file name. When the
server is started, it loads all of the db files specified in the named
boot file (The default is /etc/named.boot). After it has done this, it
binds to a port and begins answering queries from remote machines.
I'll explain the different types of queries later.


--- Overview of DNS:

In the Domain Name System naming of computers, there is a hierarchy
of names. The root of the system is unnamed. There is a set of Top-
Level Domain Names (TLDs). These are the standard TLDs, like .COM .NET
.ORG .EDU .MIL .GOV, as well as the 2-letter country codes such as .US
.CA .JP. The generic TLDs are assigned as follows:

- Worldwide Generic Domains:

.COM - Commercial Organizations - Companies.

.NET - Networking Organizations - This TLD is intended for Network
operations, Computers, network nodes, administrative servers,
etc.

.ORG - Not-For-Profit Organizations, or other organizations that don't
fit anywhere else.

.EDU - Reserved for 4-Year Schools. Originally intended for all
schools, but recently has been limited to 4-year colleges and
universities. 2-Year colleges and other schools use the country
domains (k12.il.us)

.GOV - Government Networks. Originally intended for any kind of
government agency, but recently has been limited to agencies of
the U.S. Federal government. State and local agencies use the
country domains.

Authority for these generic TLD's is delegated by the internet network
information center (InterNIC), which is sponsored and funded by the
National Science Foundation. Registering a domain name in one of these
TLD's consists of applying to the InterNIC and paying $100 (1997 :)
for the first 2 years of domain name service. After the domain is
registered, the InterNIC updates their root servers, and when a query
is received for the domain, it is directed to the local nameserver.
You can get the latest copy of the domain application form at
ftp://rs.internic.net/templates/domain-template.txt

- U.S. Only Generic Domains:

.MIL - This domain is used by the U.S. Military.

Instead of the InterNIC, which controls most of the generic TLD's,
.MIL domains are controlled by the Defense Data Network's NIC server
(nic.ddn.mil). You should use this server for lookups if you are
retrieving information about U.S. Military hostnames.

Country Code Domains:

US - For example, the .US domain covers all kinds of entities in the
United States, based on physical geography. The hostnames are in the
basic form:

<name>.<locality>.<state-code>.US. For example, nowhere.chicago.il.us.

Additionally, branches of the .US domain are provided within each
state for different types of organizations, such as Schools (K12),
Community Colleges (CC), and state government agencies (STATE).

--- The 2 basic parts of DNS:

- Nameserver: The server end of DNS. The server answers queries from
remote clients with the requested translation. Nameserver refers to a
computer on the network running BIND or another implementation of DNS.

- Resolver: This is the client side of DNS. The job of the resolver is
to take requests from the user, and retrieve a translation from the
nameserver.


--- NAMED, specifically BIND, databases:


--- DNS Master File Format
(From RFC1035, pages 33-35)

The format of these files is a sequence of entries. Entries are
predominantly line-oriented, though parentheses can be used to
continue a list of items across a line boundary, and text literals can
contain CRLF within the text. Any combination of tabs and spaces acts
as a delimiter between the separate items that make up an entry. The
end of any line in the master file can end with a comment. The comment
starts with a ";".

SOA     Start Of Authority - Indicates authority for this domain data.
NS      Name Server - Lists a name server for this domain.
A       Address - Name-to-Address Mapping.
CNAME   Canonical Name - For Aliases.
MX      Mail Exchange
PTR     Pointer - Address-to-Name Mapping.
HINFO   Host Information
WKS     Well Known Services
TXT     Textual Information
RP      Responsible Person

- Start Of Authority (SOA) -

<owner> <class> <ttl> SOA <source-dname> <mbox>
        ( <serial> <refresh> <retry> <expire> <minimum> )


dope.org.  IN  SOA  ns1.dope.org. admin.dope.org. (
                    1        ; Serial Number
                    10800    ; Refresh after 3 hours
                    3600     ; Retry after 1 hour
                    604800   ; Expire after 1 week
                    86400 )  ; Minimum TTL of 1 day


The name dope.org. has to start in the first column of the file.
Also, make sure you have the trailing dot after the domain name, or
else you will run into problems. The IN means Internet. This is the
class of data. You probably won't see any other classes of data;
although they exist, they are not widely used. The other classes that
exist are the MIT Hesiod, and Chaos classes. The first name after SOA
is the name of the primary name server for this data. After that is
the email address of the person in charge of this data (ie, the DNS
admin), when you replace the "@" with a . - most of the time you see
root, hostmaster, etc in these. In BIND 4.9.3 and later, there is
another type of record, RP (Responsible Person), which also provides
for making the administrator's email address available. The
Parentheses allow the record to span more than one line. Supposedly,
you can use parentheses in any type of record, but I'm fairly sure
that in later versions of bind, you can only use it with SOA and WKS
records.

The first entry in each of these files is the SOA (Start of
authority) record. The SOA record indicates that this name server is
the best place to get dns information from for this domain. This
record indicates the name server that is authoritative for the domain.
A SOA record is required in each db file, and there can only be one in
each. SOA records are required for db.DOMAIN and db.ADDR files. Most
of what they do is provide information to secondary nameservers, like
the refresh times for the information.


- Name Server (NS) - Lists name servers for domain.

<owner> <class> <ttl> NS <name-server-dname>

dope.org. IN NS ns1.dope.org.
dope.org. IN NS ns2.dope.org.

Here, we have a NS record for each name server for this domain. This
says that there are two nameservers for dope.org. - ns1.dope.org and
ns2.dope.org. It is also necessary to add NS records for db.ADDR
files.


- Address (A) - Address records are used to translate a hostname into
its IP address.

<owner> <class> <ttl> A <address>

ns1.dope.org. IN A 207.112.208.11
k.dope.org. IN A 207.7.4.147

This is pretty straightforward. Address resource records provide
name-to-address mapping. DNS, unlike host tables, can provide more
than one address for a name. For instance, if a server is acting as a
router and has more than one IP address assigned to it, you can have
2 address records for the same machine. BIND also includes a feature
called address sorting, which will determine if any of the addresses
returned are on the same network, and if so, use them first. If this
is not the case, the addresses are rotated between queries, so that
they will be returned in a different order. This is called a "round
robin" scheme. For network testing purposes, it is usually a good idea
to create a separate address record for each IP address of a
multihomed machine, so you can test connections through any particular
channel. Let's say ns1.dope.org is a multihomed machine, which
performs routing. It has 2 IP addresses on the 2 networks which are
attached to it, so we make an address record for each one. If one of
the connections goes down, and the nameserver gives out the address of
the disconnected link, the machine may appear to be down. So, if you
tried to ping a machine, and the nameserver returned the wrong
address, it would appear that it was down. Just a safety tip, kids. :)

There is a nice shortcut which allows you to shorten your db entries
a bit. The second field of the primary boot file (See BIND Boot File)
specifies a domain. This domain is the "origin" of all the data in the
db file. It is appended to all names in the db file which do not have
a dot at the end of them. For example, in the db file for dope.org, we
would put an address record like this:

ns1.dope.org. IN A 207.112.208.11

Instead, you could just put in:

ns1 IN A 207.112.208.11

And .dope.org would be automatically added to the end of it. The same
goes for db.ADDR files, like this:

11 IN PTR ns1.dope.org.

This is why you want to make sure to put a dot at the end of every
complete name in the db files. What would happen if you put this in
the db file for dope.org?

ns1.dope.org IN A 207.112.208.11

This would be translated as ns1.dope.org.dope.org, which will
obviously cause problems.

Also, if the domain name for the DB file is the same as the origin,
you can replace it with an @ - Most often, this is used in SOA
records, instead of the first name. If the first name in a record is a
space or a tab, then the name from the previous record is used. This
would be useful if there are multiple records for one name. You can
use this even if they are different types of records. Example:

dope.org.   IN A   207.112.208.11
            IN MX  10 mail.dope.org.

Here, the second record is assumed to be for dope.org.
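
The origin shortcut, the @ sign and the blank-owner rule described above, worked through in code. This is an added example, not part of the original paper and not BIND's own parser; expand_zone and qualify are hypothetical names, the sample zone is constructed from the records used above, and only single-line records are handled (no parentheses).

```python
NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}   # record types whose data ends in a name


def qualify(name, origin, lineno, warnings):
    """Expand one name the way the nameserver reads it from a db file."""
    if name == "@":
        return origin                    # @ stands for the origin itself
    if name.endswith("."):
        return name.lower()              # trailing dot: already complete
    bare = origin.rstrip(".")
    if name.lower() == bare or name.lower().endswith("." + bare):
        # Looks like a complete name whose dot was forgotten.
        warnings.append(
            f"line {lineno}: '{name}' has no trailing dot, "
            f"read as '{name.lower()}.{origin}'"
        )
    return f"{name.lower()}.{origin}"


def expand_zone(text, origin):
    """Return (records, warnings).

    records is a list of (owner, type, rdata) with every name fully
    qualified; warnings lists the lines that probably lack a trailing dot.
    """
    origin = origin.rstrip(".").lower() + "."
    records, warnings, last_owner = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]      # a comment runs from ';' to end of line
        fields = line.split()
        if not fields:
            continue
        if line[0] in " \t":             # blank owner: reuse the previous one
            if last_owner is None:
                warnings.append(f"line {lineno}: blank owner with no previous record")
                continue
            owner = last_owner
        else:
            owner = qualify(fields.pop(0), origin, lineno, warnings)
        last_owner = owner
        # Skip the optional TTL and class fields.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2:
            warnings.append(f"line {lineno}: incomplete record")
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in NAME_RDATA:          # the name inside the data is expanded too
            rdata[-1] = qualify(rdata[-1], origin, lineno, warnings)
        records.append((owner, rtype, " ".join(rdata)))
    return records, warnings


# Constructed sample db file for the origin dope.org.
SAMPLE_ZONE = """\
@              IN A      207.112.208.11
               IN MX     10 mail        ; blank owner: inherits dope.org.
ns1            IN A      207.112.208.11
k.dope.org.    IN A      207.7.4.147
www            IN CNAME  ns1
ns1.dope.org   IN A      207.112.208.11 ; trailing dot forgotten
"""

if __name__ == "__main__":
    recs, warns = expand_zone(SAMPLE_ZONE, "dope.org")
    for rec in recs:
        print("%-26s %-6s %s" % rec)
    for w in warns:
        print("WARNING:", w)
```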



- Canonical Name (CNAME) - Used for aliases.

<owner> <class> <ttl> CNAME <canonical-dname>

www.dope.org. IN CNAME ns1.dope.org.
ftp.dope.org. IN CNAME ns1.dope.org.

CNAME records are used for aliased names. For example, if a web
server is running on a machine with another name, the www hostname can
be aliased to another machine. When the name server looks up a name
and finds a CNAME record, it replaces the name with the aliased name,
and then looks up the new name. For instance, when our nameserver
looks up www.dope.org, it gets a CNAME record which points to
ns1.dope.org. The server then looks up the address of ns1.dope.org.
and returns both addresses.

For the most part, using address records instead of CNAME records
doesn't cause problems, since the resolver only really cares about
finding the IP address. The exception to this is sendmail, which acts
differently with alias records. Sendmail usually replaces aliases in
mail headers with the canonical name, and this can only happen if
the name actually has CNAME records for it.


- Pointer (PTR) - Provides translation from IP address to host name.

<owner> <class> <ttl> PTR <dname>

11.208.112.207.in-addr.arpa. IN PTR ns1.dope.org.

PTR records are located in the reverse lookup db files for IP
blocks. The file db.207.112.208 would contain information about all
the hosts in that network. Pointer records are used in these files to
map IP addresses to names. There is only one record for each IP
address. Also, the ip addresses should only point to the real
(canonical) name. If this is a multihomed host, the other IP
address(es) will go in the reverse lookup files for the other
networks.
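
A check of the two PTR rules above (one record per IP address, pointing at the canonical name), as an added example that is not part of the original paper. audit_reverse and the other function names are hypothetical, the records are constructed from hosts used in this paper, and the check that the PTR target has a matching address record goes one step beyond what the text states.

```python
import ipaddress
from collections import defaultdict


def reverse_name(ip):
    """207.112.208.11 -> 11.208.112.207.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ip_from_reverse(owner):
    """11.208.112.207.in-addr.arpa. -> 207.112.208.11"""
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 reverse name: {owner}")
    return str(ipaddress.ip_address(".".join(reversed(labels[:4]))))


def audit_reverse(forward, reverse):
    """Compare db.DOMAIN records with db.ADDR records.

    Both arguments are lists of (owner, type, rdata) with fully
    qualified names. Returns a list of (finding, ip, name) tuples.
    """
    addrs = defaultdict(set)     # canonical name -> its addresses
    aliases = set()              # names that are only CNAME aliases
    for owner, rtype, rdata in forward:
        if rtype == "A":
            addrs[owner.lower()].add(rdata)
        elif rtype == "CNAME":
            aliases.add(owner.lower())

    targets = defaultdict(list)  # ip -> names its PTR records point to
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":
            targets[ip_from_reverse(owner)].append(rdata.lower())

    findings = []
    for ip, names in sorted(targets.items()):
        if len(names) > 1:       # more than one PTR for the same address
            findings.append(("multiple-ptr", ip, ",".join(sorted(names))))
        for name in names:
            if name in aliases:  # PTR must name the canonical host
                findings.append(("ptr-to-alias", ip, name))
            elif ip not in addrs.get(name, ()):
                findings.append(("no-matching-a", ip, name))
    return findings


# Constructed sample data.
FORWARD = [
    ("ns1.dope.org.", "A", "207.112.208.11"),
    ("k.dope.org.", "A", "207.7.4.147"),
    ("www.dope.org.", "CNAME", "ns1.dope.org."),
    ("mail.dope.org.", "A", "207.227.148.245"),
    ("ftp.dope.org.", "A", "207.227.148.245"),
]
REVERSE = [
    (reverse_name("207.112.208.11"), "PTR", "ns1.dope.org."),    # correct
    (reverse_name("207.112.208.12"), "PTR", "k.dope.org."),      # k lives elsewhere
    (reverse_name("207.7.4.147"), "PTR", "www.dope.org."),       # alias, not canonical
    (reverse_name("207.227.148.245"), "PTR", "mail.dope.org."),
    (reverse_name("207.227.148.245"), "PTR", "ftp.dope.org."),   # second PTR, same IP
]

if __name__ == "__main__":
    for finding in audit_reverse(FORWARD, REVERSE):
        print(finding)
```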


- Host Information (HINFO) - Provides information about the server,
from what i have seen, this is not used very often. You can put
whatever you want in here really, but it is not a very common query
type.

<owner> <class> <ttl> HINFO <cpu> <os>

ns1.dope.org. IN HINFO 586/200 BSD/OS


- Mail Exchange (MX) - Mail exchange records are used to specify a
host, or a list of hosts, which are configured to receive email for
this domain. For example:

<owner> <class> <ttl> MX <preference> <exchange-dname>

dope.org. IN MX 5 mail.anet-chi.com.
dope.org. IN MX 10 mail.dope.org.

This shows that mail.anet-chi.com knows how to deliver or relay
email for dope.org, and is the preferable server. That is, email will
first be directed to mail.anet-chi.com, since it has the higher
preference, and will be directed to mail.dope.org if it cannot be
delivered to the first mail exchange.

The preference value is the order that a mailer should follow when
there is more than one way to send mail to a single machine. Lower
numbers indicate a higher preference, hence a mail exchange with a
lower preference number will take priority over others in mail
delivery.
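
The CNAME, PTR and MX rules above, worked through in code. This is an added example, not part of the original article: a small Python lookup over the article's sample records. The function names are assumptions made for the example, and the record list is constructed from the records shown above (the A record for ns1.dope.org is inferred from the PTR example).

```python
# Constructed sample data: the article's example records as (owner, type, rdata).
RECORDS = [
    ("www.dope.org.", "CNAME", "ns1.dope.org."),
    ("ftp.dope.org.", "CNAME", "ns1.dope.org."),
    ("ns1.dope.org.", "A", "207.112.208.11"),
    ("11.208.112.207.in-addr.arpa.", "PTR", "ns1.dope.org."),
    ("dope.org.", "MX", "10 mail.dope.org."),
    ("dope.org.", "MX", "5 mail.anet-chi.com."),
]

def lookup(name, rtype):
    """Return every rdata string stored for (name, rtype)."""
    return [r for o, t, r in RECORDS if o == name.lower() and t == rtype]

def resolve_a(name, max_hops=8):
    """Follow CNAME aliases to the canonical name; return (chain, addresses)."""
    chain = [name]
    for _ in range(max_hops):
        alias = lookup(chain[-1], "CNAME")
        if not alias:
            return chain, lookup(chain[-1], "A")
        if alias[0] in chain:          # alias loop: refuse instead of spinning
            raise ValueError("CNAME loop at " + alias[0])
        chain.append(alias[0])
    raise ValueError("CNAME chain too long for " + name)

def reverse_name(ip):
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def mail_exchangers(domain):
    """Return MX hosts in delivery order: lowest preference number first."""
    pairs = [rdata.split() for rdata in lookup(domain, "MX")]
    return [host for pref, host in sorted(pairs, key=lambda p: int(p[0]))]

def ptr_points_to_canonical(ip):
    """Check the rule that a PTR target is a canonical name, not an alias."""
    targets = lookup(reverse_name(ip), "PTR")
    return bool(targets) and all(not lookup(t, "CNAME") for t in targets)

if __name__ == "__main__":
    print(resolve_a("www.dope.org."))
    print(mail_exchangers("dope.org."))
    print(ptr_points_to_canonical("207.112.208.11"))
```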



- Here is an example of a complete forward named database for a
domain.

;
@ IN SOA ns1.dope.org. hostmaster.dope.org. (
9705170 ; Serial number-YYYYMMDDHHHH
3600 ; Refresh every hour
3600 ; Retry every hour
36000 ; Expire after 10 hours
36000 ); Minimum TTL of 10 hours
;
IN NS ns1.dope.org.
IN NS ns1.dope.org.
IN MX 5 ns1.dope.org.
IN MX 10 mail.dope.org.
IN A 207.112.208.11
;
ftp IN A 207.227.148.245
mail IN A 207.227.148.245
www IN A 207.112.208.11



--- The BIND Boot File

Once you have created the db files, you must tell the nameserver to
load the information in them. It might be worth noting that the boot
file is only present in BIND, and not other nameservers. Then again,
BIND is the most popular and most effective by far, so this makes
sense. Anyway, the boot file basically just defines the zones to load
and where the nameserver can find the files. It also specifies where
the cache file is. In unix, BIND will assume this file to be
/etc/named.boot - however, you can give it a commandline option to
change it. It isn't really a bad idea to leave it in /etc, but I guess
it's up to you. I put the db files in /etc/named, you can put them
wherever you want. It makes no difference to the system, just as long
as you specify it in the boot file.

Here is a complete boot file.

;
; named boot file
;
directory /etc/named
;
; db files to read
;
primary dope.org db.dope.org
primary toxygene.org db.toxygene.org
primary 208.112.207.in-addr.arpa db.207.112.208
;
cache . db.cache
;
;end
;

--- Operation

Okay, so now that we have established all the major components of
DNS, Let's see how it works. Say a user on workstation.dope.org is
transferring files to/from a remote site. We'll make the remote site
remote.site.com in this case. When the user enters remote.site.com
into his file transfer client program, a DNS query is initiated. Here
is how the DNS query goes:

1> workstation.dope.org - Sends query for translation of
remote.site.com to local nameserver ns.dope.org.

2> ns.dope.org - Queries root server and determines nameserver for
site.com.

3> ns.dope.org - Queries remote nameserver ns.site.com with
remote.site.com.

4> ns.site.com - Translates remote.site.com into IP address and
returns answer to ns.dope.org.

5> ns.dope.org - Returns translated IP address to
workstation.dope.org.

Now, this is in an ideal situation. In the real world, often, the
primary nameserver is down or not responding. In the case of a timeout
during a query, the nameserver will instead ask the secondary server.
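
The five steps above, including the fallback to a secondary on timeout, as a small simulation. This is an added example, not part of the original article: the server table, the secondary ns2.site.com, the address 192.0.2.10 and the function names are constructed for the example, and the root refers directly to site.com as in the article's simplified walk-through.

```python
# Constructed sample data: each server holds answers for names it is
# authoritative for, or referrals (zone suffix -> nameservers to ask next).
SERVERS = {
    "root":          {"referrals": {"site.com.": ["ns.site.com.", "ns2.site.com."]}},
    "ns.site.com.":  {"answers": {"remote.site.com.": "192.0.2.10"}},
    "ns2.site.com.": {"answers": {"remote.site.com.": "192.0.2.10"}},
}

class Timeout(Exception):
    pass

def ask(server, name, down):
    """One query to one server: ('answer', ip), ('referral', servers) or ('nxdomain', None)."""
    if server in down:
        raise Timeout(server)
    data = SERVERS[server]
    if name in data.get("answers", {}):
        return "answer", data["answers"][name]
    for zone, nameservers in data.get("referrals", {}).items():
        if name == zone or name.endswith("." + zone):
            return "referral", nameservers
    return "nxdomain", None

def resolve(name, down=frozenset()):
    """What the local nameserver does in steps 2-4; returns (ip or None, trace)."""
    trace, candidates = [], ["root"]
    for _ in range(10):                 # bound the number of referrals followed
        for server in candidates:
            try:
                kind, value = ask(server, name, down)
            except Timeout:
                trace.append(server + ": timeout")
                continue                # try the next listed nameserver
            trace.append(server + ": " + kind)
            break
        else:
            return None, trace          # every candidate timed out
        if kind == "answer":
            return value, trace
        if kind != "referral":
            return None, trace
        candidates = value
    return None, trace

if __name__ == "__main__":
    print(resolve("remote.site.com."))
    print(resolve("remote.site.com.", down={"ns.site.com."}))
```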

Each client machine on a tcp/ip network that uses DNS must have the
address of the nameserver programmed into its resolver software. On
almost all unix systems, the file with this information is
/etc/resolv.conf. On PC platforms, the nameserver information is
usually stored in the dialer configuration.

--- Other Useful Information:

- Whois:

Whois is a program run by a client machine that contacts the
nameserver for the specified domain and retrieves information about
the domain. This information includes organization info, contact
names/email, addresses/etc, and primary/secondary nameservers. The
whois service is run by the InterNIC. It can also be used for looking
up information on blocks of IP addresses. Here are a few examples of
whois queries:

dope% whois dope.org
The DOPE Organization (DOPE3-DOM)
P.O. Box 31337
Lamersville, IL 60069

Domain Name: DOPE.ORG

Administrative Contact, Technical Contact, Zone Contact:
Dope Admin (DA31337) eleetwebd00d@dope.org
847-256-5928 (FAX) 000-000-0000
Billing Contact:
Dope Admin (DA31337) eleetwebd00d@dope.org
847-256-5928 (FAX) 000-000-0000

Record last updated on 31-Jan-97.
Record created on 31-Jan-97.
Database last updated on 30-Dec-97 05:36:07 EDT.

Domain servers in listed order:

ZEUS.ANET-CHI.COM 207.7.4.6
ZEUS.ANET-DFW.COM 206.97.156.6


The InterNIC Registration Services Host contains ONLY Internet
Information (Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.

dope% whois net 207.112.208
NAP.NET, LLC (NETBLK-CNAP-NN03) CNAP-NN03 207.112.128.0 - 207.112.255.0
Western Pacific Network Services (NETBLK-ANETCH-NN0416-NET) ANETCH-NN0416-NET
207.112.208.0 - 207.112.211.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.

The InterNIC Registration Services Host contains ONLY Internet
Information (Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.

Whois can also retrieve information on domain contacts, like name,
address, telephone number, and email address. Whois also accepts
wildcards for domain names and contact names, and will reply with a
list of matches. For instance, the command "whois bob smith" would
return a list of all domain contacts listed with the name "bob smith"
and their NIC handles. When you register a domain name, you receive a
NIC handle that helps expedite future domain registrations. A NIC
handle is in the format of First-Initial, Last-Initial, Number - So
Bob Smith's NIC handle might look something like BS4901. Typing "whois
BS4901" will display all of the listed information for that person.


- Nslookup and dig:

Nslookup is a utility, originally coded for unix, that allows you to
manually query a nameserver. There are two modes, interactive and
non-interactive mode. Interactive mode gives you a sort of shell from
which you can query the remote server, set options, etc. In the
non-interactive mode, nslookup simply returns the requested
information for the host or domain. Non-interactive mode is used when
the first argument given to the command is the domain or address. It
looks something like this:

dope% nslookup www.dope.org
Server: ns.dope.org
Address: 0.0.0.0

Name: www.dope.org
Address: 207.112.208.11

(Note: nslookup returns 0.0.0.0 as the server address when the name
server is running on the local machine)

There are many commands you can use in interactive mode. The manual
pages for your unix should provide you with specifics, but here are a
few commands.

server [domain] - Changes the nameserver being queried to [domain].

ls [option] domain [> filename] - Lists information available for
specified domain, prints hostnames and IP addresses. By using file
redirection arrows ( >filename, >>filename ) you can redirect the
output to a file.

Options:
-t [querytype] - Sets the query type. These include A, CNAME,
PTR, etc..
-d - Lists all records available for domain.

set keyword[=value] - Sets options for lookups.
Keywords:
class=value - Change the query class (IN, CHAOS, HESIOD, ANY)
[no]debug - Turn debugging mode on [or off]
[no]d2 - Turn exhaustive debugging on [or off]
domain=name - Change default domain name
type - Set query type (A, CNAME, MX, etc)
retry=number - Set number of retries before giving up

exit - guess.

help - ""

Here is an example of some fun stuff you can do with nslookup.

dope% nslookup
Default Server: ns.dope.org
Address: 0.0.0.0

> server victim.com
Default Server: victim.com
Address: 201.0.0.1

> ls victim.com
[victim.com]
victim.com. server = victim.com
victim.com. server = ns2.victim.com
victim.com. 201.0.0.1
hackme 201.0.0.5
please 201.0.0.6
my 201.0.0.8
dns 201.0.0.9
admin 201.0.0.11
is 201.0.0.12
an 201.0.0.15
idiot 201.0.0.17

So, you see, nslookup can be a useful tool. It can be used to gather
lots of information on a domain. If the dns administrator has not
secured the server against this kind of query (and in most cases
they don't), you can obtain a complete list of every hostname under that
domain.
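
One way to check for the exposure described above from the administrator's side. This is an added example, not part of the original article: a Python audit of a BIND 4.9 boot file for the "xfrnets" directive, which limits which networks may request zone transfers. The directive does not appear in the article; the sample file, the secondary addresses (documentation ranges) and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the article's boot file plus one xfrnets line (BIND 4.9 syntax).
SAMPLE_BOOT = """\
; named boot file
directory /etc/named
primary   dope.org                  db.dope.org
primary   208.112.207.in-addr.arpa  db.207.112.208
xfrnets   192.0.2.53&255.255.255.255 198.51.0.0
cache     .                         db.cache
"""

def classful_mask(addr):
    """Mask assumed when an xfrnets entry has no '&mask' (class A/B/C)."""
    first = int(addr.split(".")[0])
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"

def parse_boot(text):
    """Return (primary zone names, networks allowed to zone-transfer)."""
    zones, nets = [], []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip comments, tokenize
        if not fields:
            continue
        keyword = fields[0].lower()
        if keyword == "primary" and len(fields) >= 3:
            zones.append(fields[1])
        elif keyword == "xfrnets":
            for item in fields[1:]:
                addr, _, mask = item.partition("&")
                mask = mask or classful_mask(addr)
                nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return zones, nets

def audit(text, secondaries, widest_prefix=16):
    """List findings: unrestricted transfers, over-broad nets, secondaries left out."""
    zones, nets = parse_boot(text)
    if not nets:
        return [f"no xfrnets line: any host can transfer {', '.join(zones)}"]
    findings = [f"{n} is wider than /{widest_prefix}" for n in nets
                if n.prefixlen < widest_prefix]
    for ip in secondaries:
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            findings.append(f"secondary {ip} is not covered by xfrnets")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BOOT, ["192.0.2.53", "198.51.100.53"]):
        print(finding)
```

BIND 8 and later replaced the boot file with named.conf, where the equivalent control is the allow-transfer option.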

Dig (Domain Information Groper) is another unix tool which you can
use to gather information from dns servers. Dig has a simple
interactive mode, and a batch mode which executes a list of queries.
It works much like nslookup, but has more options and features.
For exact syntax, refer to the manual pages for dig on your unix
system.

--- Summary

Well, if you actually read all of this, I hope you learned
something. :) DNS is a protocol crucial to the smooth operation of the
internet. People who know DNS and BIND are very much in demand at this
time, as are most people who are skilled in unix and the internet.
Poor DNS administration can result in major network disruptions,
denial of service, and other unpleasant things that administrators
don't like. This text is probably not detailed enough if you really
want to learn DNS inside and out. If you are looking at becoming a DNS
administrator, or even just setting up BIND to play around with, I
highly recommend O'Reilly Books' DNS and BIND by Albitz and Liu. It
contains just about every piece of information and advice that you
could possibly want on the topic of DNS, and there is an updated
version released in early 1997. Also, I would suggest reading all of
the related RFC's, especially RFC1034 and RFC1035. These are the
blueprints for the way the Internet is structured.

Anyway, thanks for taking the time to read this, and if you have any
questions/comments/complaints/suggestions, please contact me through
email. Peace..

stash
stash@dope.org

--- GLOSSARY

BIND: Berkeley Internet Name Domain
DB: DataBase
DNS: Domain Name System
FQDN: Fully-Qualified Domain Name
ISC: Internet Software Consortium
NIC: Network Information Center
NS: Name Server
RFC: Request For Comment
TLD: Top-Level Domain
TCP/IP: Transmission Control Protocol/Internet Protocol

--- Pseudo-Bibliography

These sources were used for background info, paraphrasing, and stuff
like that.

1. DNS and BIND - By Paul Albitz & Cricket Liu - O'Reilly &
Associates, Inc. ISBN 1-56592-236-0

2. comp.protocols.tcp-ip.domains FAQ - Maintained by cdp@pfmc.net

ftp : rtfm.mit.edu : /pub/usenet/news.answers/internet/tcp-ip/domains-faq

3. RFC-1035 "Domain names - Implementation and Specification"

4. BSD/OS Nslookup manual page - Andrew Cherenson


* END SECTION 5 *


×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×

S E C T I O N S I X

news topix - for and about the scene

compiled through various sources

×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×x×


Carding Spy Satellite Photos!
12/97
It was really just a matter of time before someone did this.
The irony is that it is completely legal. This past month
was the launching of the world's first commercial spy
satellite. Grab your American Express and you can visually
ownz just about anyone.

This first satellite launched is known as "EarlyBird 1" and
can actually snag 10 feet across pictures while it sails 295
miles above us. The sad part is that this is actually of avail
to people via the web. Before you purchase any images you
must register with Earthwatch, Inc. Images they already have
that you may be looking for may cost as little as a few dollars,
but although their site isn't even fully up and running with
exact pictures of what people want, people are putting in orders
with their credit cards and paying up to three hundred dollaz
for this.

It is definitely going to be utilized by more than the common
overly rich individual however. This service is going to be
available to everyone via the website of www.digitalglobe.com.
EarlyBird 1 was launched from a military base in Russia and many
other satellites are soon to launch from various other countries.
One problem is the manipulation of possible credit card fraud
being utilized just so people can spy without having any link back
to them as long as they register completely with the card owners
info. Right now, the United States Government has allowed the use
of this satellite system in most areas of the nation, except ones
of a tender nature (of course, that's a gimme). The USA is also
screening all foreign customers of EarthWatch Inc., which is
based out of Longmont, Colorado. Happy ownzing peoples!



* END SECTION 6 *


¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,
_ _______ ______ ___ ___ ____ _
/___/ /___/ / / /__) /_
_ __/ _/ \ _/__/ _/__) _/____ _ _ _
/ I N D U S T R I E S
¬,¬,¬,¬,¬,¬,¬,¬,/¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬,¬, M A G A Z I N E
P H I L E S 1 9 9 8


y0 p33ps! please check out our dope web site!

http://dope.org/pimp

site has:
back issues in the archives
new issues as soon as they come out
pimp member listing with email links and web links
phat links to other sites of interest
pix of pimps and chicago, pimp whq
mailing list for pimp inpho's
etc.. etc.. good phun, hit the damn site already!

thanx to stash for providing space for our site!


××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
× ×
× the following boards listed hold true to the scene and if you ×
× are deep into h/p and the likes, i suggest you give them a call. ×
× some are gone and i haven't kept up with all of them.. most ×
× should be all good. ×
× -fringe ×
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××


Apocalypse 2ooo - H/P/Rave/Ska/Punk/home of the PIMPS!
pimp ownzed by subhuman, jello biafra, fringe, the whole crew!
+1-847-831-0484 - *NO* ratio. 1 gig online.
for more info: http://dope.org/fringe/apoc.html
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the Apoc2k homepage
(Note: we may be changing our number again, but this would mean
a possible telnet line.. so it'll be all good)


The Centre' - H/P pimp ownzed by luthor!
more than a gig online plus cd's.
+000-PRI-VATE

Poison Pen - H/P, *NO* ratio
+1-847-966-2095

Moo 'n' Oink - H/P pimp ownzed by stash!
+1-847-256-5928

Microcosm - H/P
+1-904-484-5548

Underworld 96
**(514) toast**

Aneurysm - H/P - NUP: Discipline
+1-514-458-9851

Last Territory - H/P
+1-514-565-9754

Linoleum - H/P
**(704) toast**

Hacker's Haven - H/P
+1-303-343-4053

Digital Disturbance - H/P
**(516) toast**

Hacker's Hideaway - H/P
+1-416-534-0417

TOTSE - H/P and crazy other amounts of info
+1-510-935-5845

The Switchboard - H/P
+31 ***TOAST*** and will be missed.

Arrested Development - H/P
+31 ***TOAST*** and will be missed.


----- If you'd like to write for PIMP, you can send any and all worx
to pimp@dope.org

all worx will be looked at and considered. all credit is always
going to be given to whomever the giver is, unless you would
rather not be known. PIMP Issue numbah sixteen - out.

