Power Hacker 2003

home *** CD-ROM | disk | FTP | other *** search

/ Power Hacker 2003 / Power_Hacker_2003.iso / E-zine / Magazines / pimp / pimp16.198 < prev next >

Wrap

Text File | 2002-05-27 | 53.6 KB | 1,409 lines

PIM.,PIMPIMPIMPI. MPIM IMPIMPIMPI, .MPIMPIMPIMP MPI,.MPIMPIMPIM. MPIMPIMPIMPIMPIM. PI IMPIMPIM PIMPIMPIM PIMPIMPIMPIMPIMP. PIMPI 'MPIMPI PIMPIMPI MP IMPIM IMPIM `PIMPIM PIMPI MPIMPI PIMPI. PIM PIMP IMP IMPIM PIMPI PIMPIM MPIMP .IMPIMPI PIMPI PIM PIMPIMPI MPIMP PIMPI. ,MPIMPIM MPIMPIMPIMPIMPI' MPIM IMP IMPIMP IMPIM PIMPIMPIMPIMPIM' MPIMPIMPIMPIM' PIMP PIM PIMPIM PIMPI PIMPIMPIMPIMP' PIMPI IMPI MPI MPIM PIMPI PIMPI MPIMP MPIM MPI MPIM PIMPI MPIMP IMPIM PIMP MPI MPIM PIMPI IMPIM PIMPI IMPI MPI MPIM PIMPI PIMPI MPIMP MPIM MPI MPIM PIMPI MPIMP .IMPIMPI,. .PIMP. .MPIMP, IMP' IMPIMPI. .IMPIMPI,. MPIMPIMPIMPIM IMPIMPIMP MPIMPIMP `IM PIMPIMPIMPI MPIMPIMPIMPI | | ---+--------------------------------------+---- | ____ ____ _ _ ____ | | /\ | |_ _| | \__/ | | /\ | | \/_| _||_ | | | \/_| | | |__| |____| |_|\/|_| |__| --+----------------+--- | | | ---+----------- PROBE INDUSTRIES MAGAZINE PHILES | | ISSUE NUMBER 16 ---+--- RELEASED: 01/98 | | | ----------+-------------------------------+---- | | | --------+----- | with the new year, comes no phear. get new issues and news from us via our phat website!! http://www.dope.org/pimp/ to join the PIMP mailing list, please email pimp@dope.org and put the word subscribe in the message body. | ---------------+--- | +---------------------------------------------------------------+ | p u b l i c l y d i s c l o s e d | | a f f i l i a t e s | +----------------+------------------+---------------------------+ | known as: | pimp domain | inpho | +----------------+------------------+---------------------------+ | fringe | chicago | fringe@dope.org | | stickman | chicago | apocapimpin' | | subhuman | chicago | subhuman@dope.org | | stash | chicago | stash@dope.org | | insane lineman | chicago | lineman@dope.org | | jello biafra | chicago | apocapimpin' | | smokee | chicago | pimpin' | | qball | chicago | pimpin' | | special-k | germany | special-k@dope.org | | luthor | maine | east coast HQ, pimpin' | | -Q- | new york | pimpin' | | silo | chicago | silo@dope.org | | darkelf | chicago | darkelf@dope.org | | mastermind | florida | pimpin' | | jcgangster | ohio | pimpin' | +----------------+------------------+---------------------------+ preface: the magazine following is an electronic publication to help inform society on details they may overlook in life, computers and telephony they may not understand, and to broaden anyone and everyone's knowledge. there is no blatently illegal information discussed here. there is knowledge and understanding.. knowledge is the power, the power to the people, the people are the knowledge. everything is on a need to know basis for us. we all need the want to know. ===================================================================== T A B L E O F C O N T E N T S I S S U E S I X T E E N ===================================================================== +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + + sekshun + a governmental commentary + + + + + + + + one + pimped fo you by luthor + + + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + + sekshun + SecurIDs discussed + + + ...proper use and utilization... + + + + + two + pimped fo you by fringe + + + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + + sekshun + a brief tutorial on ALLTEL bank systems + + + ...first in a possible series... + + + + + three + pimped fo you by stickman + + + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + + sekshun + a listing of companies that can get you dox on peoples + + + + + + + + four + pimped fo you by stickman + + + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + + sekshun + DNS (Domain Name System) discussed inside-out + + + + + + + + five + pimped fo you by stash + + + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + + sekshun + news topix for and about the scene + + + + + + + + six + -various sources- + + + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ S E C T I O N O N E Governmental Commentary pimped fo you by luthor ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ ---------------------------------------------------------------------- "When in the course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume, among the powers of the earth, the seperate and equal station to which the laws of nature and nature's god entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which empel them to the seperation." ---------------------------------------------------------------------- This article is not a technical document, but more of an opinionated view on government. Because PIMP is not just a technical magazine writing group of people, but a group of people who write a magazine to further inform the community of things going on around them that isn't available in plain view. Since alot of people are negligent to view all sides of government I have decided to write this. If you look on the world wide web, bulletin boards, etc. you will find everywhere something to do with "Anarchy". Most people associate Anarchy with building bombs, anti-government, and utter- chaos. This is just not true. Another term that is used with Anarchy is Libertarianism. This is a state of government where people make the best choices for themselves based on the information provided to them from the general public, and researched by themselves. It is because of this that Libertarians stress education so much rather than stressing regulation. If you were to ask me, regulation permits us to learn what we need in order to make these decisions. The way I see it, the government creates regulations that schools must abide by in order to run and help its students "learn". These regulations create people who are easier to control, therefore they get what they want easier. The public must not only learn within these regulations, but also on thier own outside of the school system, by using resources around them, such as PIMP publications, the world wide web, bulletin boards, etc. A while ago, I was doing some research for myself, and have found that there is now an amendment (or one proposed) against burning the flag, and there is also one against burning money. Now, If you ask me, what does it matter to someone if I burn money which was earned by me? What should it matter to people if I burn a piece of cloth within the confines of my own home? It shouldn't. People will always come back with saying "Burning the flag is unpatriotic". The first amendment states that Congress shall make no law respecting an establishment of religion or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people to peacefully assemble, and to petition the government for a redress of grievances. I find that burning the flag and/or money is my freedom of speech, it just is not a spoken, or a written freedom of speech. Enough of this informational piece of text, look for more from me in the future. And remember, they can't take away your freedom, nor your liberty. -luthor * END SECTION 1 * ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ S E C T I O N T W O SecurID's discussed. basic use and utilization. pimped fo you by fringe ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ ---------- Background: SecurID's are credit card-like security devices used by many large corporations in order to verify user authentication when a user is calling in to a proprietary computer system. These are approximately the same size as a credit card and they have an lcd on them. This is an overview of how they are utilized. ---------- communication settings The following settings are required for the authentication server: Parity None Data bits 8 Stop bits 1 Duplex Half Flow Control On you will need a normal terminal program to call the system, however a lot of corporations have specialized software for mac's and pc's to make it more user friendly for their employees.. you may have heard of appletalk software and other such programs that are vastly used by corps.. these gui's can be helpful to have in case you are having trouble "getting in". they usually have a few scripts to run for this and that.. everything's point and click... blah blah blah.. back to the issue at hand. call the SecurID dial-up that you have.. and you do need this in order to use the card. CONNECT 14400 to activate it.. do the following if you can't get it to work right off the bat: when prompted for Username:, you need to type the correct login that is used to activate that corp/company's card. most of them use the account 'activate' without the 's of course. at the login: prompt type your SecurID userid in lower case. at the Enter PASSCODE prompt type the digits shown on the SecurID. you will then be prompted to enter your PIN code; - this will be your 4 to 8 digit Personal Identification Number - only numbers can be used, without leading zeroes you will then be prompted to confirm this number by re-entering it you will be prompted to wait for the displayed number on your card to change, then enter the PIN chosen above followed by the number displayed on your SecurID card. if you were successful, the following will be displayed: *NOTICE* Your SecurID card has been verified and turned on.... Please press enter to exit.... ACCEPTED go ahead, press enter. You should get the following response: Connection closed by foreign host (WOW!) call back up to start a new normal good vibes session. at the Username: prompt enter in the SecurID userid in lower case. at the password prompt enter your PIN and SecurID card number together, without anything between them (for example: 123456999999 where 123456 is your PIN and 999999 is da numba displayed on the card) at this point, you will be at a terminal server prompt, and from here on it depending on what corp/company you're in, there are different things to do. nonetheless, at this point, you're 'in' the system hopefully successfully. problem? receiving message Access Denied when logging in with SecurID? you probably entered the PASSCODE wrong your card could have been clicked off due to 3 invalid logins in a row your SecurID has become out of sync with the authentication server. have fun.. some of the largest peoples using this include telco's.. and when their cards are found.. well they usually tend to leave all the info with it.. telco people are slow like that. * END SECTION 2 * ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ S E C T I O N T H R E E Welcome to the realm of computer banking. I recently found my self with computer manuals from a very large banking institution. So as usual with tha pimps, we decided to spread the knowledge. -Stickman ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ NOTE: this phile will give you a detailed listing of what you may find in this system, and various commands users can use. This file is not meant to help people infiltrate bank systems or to steal. Very little detail of how to use the information is given; but the manuals themselves gave very little inpho. The following commands are for a banking system called ALLTEL. When connecting to an ALLTEL system it will prompt you with: PLEASE LOGON SYSTEM-A type in the command: ATPX press enter here is the screen that will be displayed next Userid: 13:44:55 Password: 10/06/97 New Password: CLH3065D Transfer: 3278-2 SMRTCHIA PF1 = HELP PF3 = Logoff There are several different processing regions in the ALLTEL system. The next screen will show you all of the regions you have access to. TPX MENU FOR USERID:XXXXXX TERMINAL: CLH3065D MODEL: 3278-2 SYSTEM: ATPX CMD=PF24 MNU=PF22 JMP=PF23 /H FOR HELP _ACICSX PFK 1 SYSTEMATICS PRODUCTION CICS _ACICSA PFK 2 NON-SYSTEMATICS PRODUCTION CICS _AIMS PFK 3 HOGAN PRODUCTION _ATSO PFK 4 TSO ON PRODUCTION _CCICS10 PFK 5 SYSTEMATICS TEST CICS _ACICSG PFK SIMS SYSTEMATICS PRODUCTION _CCICS1 PFK 6 TEST CICS1 _CCICS4 PFK CCICS4 MRO _CCICMSC2 PFK TEST CICS MISCL2 _CTSO PFK TSO ON 9672C _CMS PFK PROFS AT BANK OF MONTREAL _AVCN52 PFK PROFS AT BANK OF MONTREAL _CCCTRNX PFK SYSTEMATICS XGN TRAINING _CCICMSC3 PFK SYSTEMATICS XGN APPLICATION Command= PFK USAGE 7/19=UP 8/20=DOWN 10/22=LEFT 11/23=RIGHT You can page through the selections, however you need to place an S in front of the system you wish to access. F12 will always take you back to the previous screen F8 to page down F7 to page back up Note: If you hit F12 to many times the screen will go blank and you need to type CESF LOGOFF to exit and re-enter the system. ----------------------------------- All customer service screen commands start with RM: RMLP use to locate a customer when uncertain of exact name RMAB listing of all customers accounts and their relationship to each account RMRB shows account holders and signers RMNB shows previous and current names used on the cis record RMMB shows previous and current names used on the cis record RMDB list ytd average balances on all deposit accounts RMBC shows cardholders name, ATM card number, and accounts linked to card RMI1 shows cardholders name, address, phone number, social security number and DoB RMI2/RMLM shows file maintenance history on the cis record RMI4 shows customers total assets and liabilities with band from a customer perspective RMID shows total number of deposit accounts with ledger available balances given RMIL shows total number of loans with balances available credit given ----------------------------------- CIS screens COMMAND WHAT YOU WILL SEE RMC1 name, address, ss# RMC2 branch number RMC3 drivers license number, birthdate, maiden name, gender, spouse RMC4 customer employment information RMC5 comercial contact information RMC8 remarks ----------------------------------- IMPACS = CHECKING IMPACS SCREEN COMMANDS COMMAND WHAT YOU WILL SEE IMI1-page 1 account information--- name, status, account type, tin number, balance info IMI1-page 2 check trunc 0 -= non-truncated, 1=truncated, branch, officer, statement cycle, service charges, funding flag, interest and tax info IMI2 Previous 2 cycles and current Cycle Account History with select criteria IMI3 Current Cycle History information in statement format with running balances IMI4 Detailed Account Balance info - checking, holds, loans, and savings trailer IMI5 Stop/Hold and special instructions IMI6 Overdraft Protection LOC info IMI7 Savings Trailer info IMI8 Average Collected Balance information specific to each checking account with current month listed first IMI0 Overdraft History information times = days * END SECTION 3 * ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ S E C T I O N F O U R A listing of places that will help you pull d0x! Trying to find someone? Got a name but no idea where in the world they are. Well we have compiled a list of agencies, firms, and public access spots where you can find and locate almost anybody. compiled fo you by stickman ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ Automated Name Index PO BOX 813 Glendale, CA 91209 Data Check P.O. Box 922169 Sylmar, CA 91392 (818) 783-DATA J. Diliian Ross and Co. PO Box 539 Pauma Valley, CA 92061 (619) 742-4273 [computer Super Bureau Inc. 2600 Garden Road West 224 Monterey, CA 93940 (800)541-6821 UCC Network 185-A Commerce Circle Sacramento, CA 95815 (916)929-4311 California Municipal Court Records (computer) (800)332-7999 (7,E,1 login CISDEMO) Search Unltd. 18010 Sky Park Circle Suite 205 Irvine, CA 92714 (714) 474-1916 Court Record Consultants 17029 Devonshire St. Suite 166 Northridge, CA (818)366-1906 The Source PO Box 88 Cookeville, TN 38503 (800)678-8774 Data Search 3600 American River Drive Sacramento, CA 95864 (916)485-3282 Intelligence Network Inc. PO Box 727 Clearwater, FL 34617 (813) 449-0072 APscreen (Bank account searches) 2043 Westcliff Dr. Suite 300 Newport Beach, CA 92660 (714) 646 4003 Atlantic Int'l Associates (207)761-5974 National Information Resource Service P.O. Box 1021 Jackson, MI 49204 (517) 783-4545 Locate Unlt'd (800)365-5622 DataQuick (Real Estate) 13160 Mindanao Way Suite 240 Marina Del Rey, CA 90292 (213) 306-4295 AA Credit Info Services 4419 Cowan Raod, Suit 201A Tucker, GA 30084 (404) 621-0151 Farmer & Assoc. 16845 N. 29th Ave Suite 1205 Phoenix, AZ 85023 (602)843-5216 DataFax (National Assoc. Of Investigative Specialists Inc.) (512) 832-0355 CDB Infotek 701 S. Parker Ave. Suite 4500 Orange, CA 92668 (714) 542-2727 DataTrac P.O. Box 702 Port Coquitlam, B.C. V3B 6H9, Canada (604) 469-0114 Trans Union Credit Info 1561 E. Orangethorpe Ave Fullerton, CA 92631 (213) 620-1355 * END SECTION 4 * ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ S E C T I O N F I V E DNS (Domain Name System) discussed inside-out pimped fo you by stash ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ --- Foreword Dec 1997 stash@dope.org While I have tried to make this paper as easy to understand as possible, there are sections that are fairly descriptive. In other words, this is a serious document. I have spared you from my opinion, whenever possible, and just provided the facts. I'm not a certified teacher, and I'm not particularly good at writing (at least I dont think so.) So, I have tried to be very straightforward in my explanations of everything. A few pieces of text are taken from other publications, because I couldn't really think of a much better way to say whatever it was.. For the examples, I have used real screen captures, with some minor editing. Some of these hosts really exist, some don't.. Use your imagination. Also, this is a fairly long paper, but it is also fairly comprehensive. Let me know what you think. Having said all that, lets get started... --- What is DNS? DNS (the Domain Name System) is a set of distributed databases containing IP addresses and their corresponding domain names. DNS, with servers located all over the internet, performs the translation back and forth between names and numbers. This allows any network address to be assigned a relatively easy-to-remember alphanumeric name, instead of the numeric addressing scheme used internally by TCP/IP networks. DNS was originally designed to replace the /etc/hosts files on unix systems. Most often, DNS is used to perform translation between host names and IP addresses. For example, when you enter "www.theonion.com" into your web browser, your dialer or TCP stack performs a dns query to obtain the numeric IP address of the site. In most cases with internet providers, the client computer is programmed with the IP address of the ISP's nameserver, which it queries when it needs to translate an ip address. BIND: BIND (Berkeley Internet Name Domain) is an implementation of DNS, both client and server. Presently, you can find information on the latest versions of BIND (Coordinated by Paul Vixie, programmer of numerous other unix programs) at: http://www.vix.com/isc/bind - Development of BIND is coordinated by the Internet Software Consortium. BIND has been ported to Windows NT and VMS, although it was originally designed for unix, and unix-based nameservers are still dominant over servers based on other platforms. Most people, by this point, should be using BIND 4.9.3 or later, and if you're not, its not a bad idea to upgrade. Older versions of BIND are now quite vulnerable to ip spoofing and other nasty stuff. The BIND program (you can assume i'm talking about BIND for unix from now on) consists of a nameserver program, a boot file, and database files. There are db files for hostname-to-address translation ( db.DOMAIN ), and db files for address-to-hostname translation ( db.ADDR ). The boot file contains information for which domains to answer queries for, as well as telling the nameserver where the database and cache files are located. For servers that act as secondary nameservers for a domain, the boot file specifies the address of the primary server as well as the file name. When the server is started, it loads all of the db files specified in the named boot file (The default is /etc/named.boot). After it has done this, it binds to a port and begins answering queries from remote machines. I'll explain the different types of queries later. --- Overview of DNS: In the Domain Name System naming of computers, there is a hierarchy of names. The root of the system is unnamed. There are a set of Top- Level Domain Names (TLDs). These are the standard TLDs, like .COM .NET .ORG .EDU .MIL .GOV, as well as the 2-letter country codes such as .US .CA .JP. The generic TLDs are assigned as follows: - Worldwide Generic Domains: .COM - Commercial Organizations - Companies. .NET - Networking Organizations - This TLD is intended for Network operations, Computers, network nodes, administrative servers, etc. .ORG - Not-For-Profit Organizations, or other organizations that don't fit anywhere else. .EDU - Reserved for 4-Year Schools. Originally intended for all schools, but recently has been limited to 4-year colleges and universities. 2-Year colleges and other schools use the country domains (k12.il.us) .GOV - Government Networks. Originally intended for any kind of government agency, but recently has been limited to agencies of the U.S. Federal government. State and local agencies use the country domains. Authority for these generic TLD's is delegate by the internet network information center (InterNIC), which is sponsored and funded by the National Science Foundation. Registering a domain name in one of these TLD's consists of applying to the InterNIC and paying $100 (1997 :) for the first 2 years of domain name service. After the domain is registered, the InterNIC updates their root servers, and when a query is received for the domain, it is directed to the local nameserver. You can get the latest copy of the domain application form at ftp://rs.internic.net/templates/domain- template.txt - U.S. Only Generic Domains: .MIL - This domain is used by the U.S. Military. Instead of the InterNIC, which controls most of the generic TLD's, .MIL domains are controlled by the Defense Data Network's NIC server (nic.ddn.mil). You should use this server for lookups if you are retrieving information about U.S. Military hostnames. Country Code Domains: US - For example, the .US domain covers all kinds of entities in the United States, based on physical geography. The hostnames are in the basic form: <name>.<locality>.<state-code>.US. For example, nowhere.chicago.il.us. Additionally, branches of the .US domain are provided within each state for different types of organizations, such as Schools (K12), Community Colleges (CC), and state government agencies (STATE). --- The 2 basic parts of DNS: - Nameserver: The server end of DNS. The server answers queries from remote clients with the requested translation. Nameserver refers to a computer on the network running BIND or another implementation of DNS. - Resolver: This is the client side of DNS. The job of the resolver is to take requests from the user, and retrieve a translation from the nameserver. --- NAMED, specifically BIND, databases: --- DNS Master File Format (From RFC1035, pages 33-35) The format of these files is a sequence of entries. Entries are predominantly line-oriented, though parentheses can be used to continue a list of items across a line boundary, and text literals can contain CRLF within the text. Any combination of tabs and spaces act as a delimeter between the separate items that make up an entry. The end of any line in the master file can end with a comment. The comment starts with a ";". SOA Start Of Authority - Indicates authority for this domain data. NS Name Server - Lists a name server for this domain. A Address - Name-to-Address Mapping. CNAME Canonical Name - For Aliases. MX Mail Exchange PTR Pointer - Address-to-Name Mapping. HINFO Host Information WKS Well Known Services TXT Textual Information RP Responsible Person - Start Of Authority (SOA) - <owner> <class> <ttl> SOA <source-dname> <mbox> ( <serial> <refresh> <retry> <expire> <minimum> ) dope.org. IN SOA ns1.dope.org. admin.dope.org. ( 1 ; Serial Number 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire after 1 week 86400 ) ; Minimum TTL of 1 day The name dope.org. has to start in the first column of the file. Also, make sure you have the trailing dot after the domain name, or else you will run into problems. The IN means Internet. This is the class of data. You probably won't see any other classes of data; although they exist, they are not widely used. The other classes that exist are the MIT Hesiod, and Chaos classes. The first name after SOA is the name of the primary name server for this data. After that is the email address of the person in charge of this data (ie, the DNS admin), when you replace the "@" with a . - most of the time you see root, hostmaster, etc in these. In BIND 4.9.3 and later, there is another type of record, RP (Responsible Person), which also provides for making the administrator's email address available. The Parentheses allow the record to span more than one line. Supposedly, you can use parentheses in any type of record, but I'm fairly sure that in later versions of bind, you can only use it with SOA and WKS records. The first entry in each of these files is the SOA (Start of authority) record. The SOA record indicates that this name server is the best place to get dns information from for this domain. This record indicates the name server that is authoritative for the domain. A SOA record is required in each db file, and there can only be one in each. SOA records are required for db.DOMAIN and db.ADDR files. Most of what they do is provide information to secondary nameservers, like the refresh times for the information. - Name Server (NS) - Lists name servers for domain. <owner> <class> <ttl> NS <name-server-dname> dope.org. IN NS ns1.dope.org. dope.org. IN NS ns2.dope.org. Here, we have a NS record for each name server for this domain. This says that there are two nameservers for dope.org. - ns1.dope.org and ns2.dope.org. It is also necessary to add NS records for db.ADDR files. - Address (A) - Address records are used to translate a hostname into its IP address. <owner> <class> <ttl> A <address> ns1.dope.org. IN A 207.112.208.11 k.dope.org. IN A 207.7.4.147 This is pretty straightforward. Address resource records provide name-to-address mapping. DNS, unlike host tables, can provide more than one address for a name. For instance, if a server is acting as a router and has more than one IP address assigned to it, you can have 2 address records for the same machine. BIND also includes a feature called address sorting, which will determine if any of the addresses returned are on the same network, and if so, use them first. If this is not the case, the addresses are rotated between queries, so that they will be returned in a different order. This is called a "round robin" scheme. For network testing purposes, it is usually a good idea to create a separate address record for each IP address of a multihomed machine, so you can test connections through any particular channel. Let's say ns1.dope.org is a multihomed machine, which performs routing. It has 2 IP addresses on the 2 networks which are attached to it, so we make an address record for each one. If one of the connections goes down, and the nameserver gives out the address of the disconnected link, the machine may appear to be down. So, if you tried to ping a machine, and the nameserver returned the wrong address, it would appear that it was down. Just a safety tip, kids. :) There is a nice shortcut which allows you to shorten your db entries a bit. The second field of the primary boot file (See BIND Boot File) specifies a domain. This domain is the "origin" of all the data in the db file. It is appended to all names in the db file which do not have a dot at the end of them. For example, in the db file for dope.org, we would put an address record like this: ns1.dope.org. IN A 207.112.208.11 Instead, you could just put in: ns1 IN A 207.112.208.11 And .dope.org would be automatically added to the end of it. The same goes for db.ADDR files, like this: 11 IN PTR ns1.dope.org. This is why you want to make sure to put a dot at the end of every complete name in the db files. What would happen if you put this in the db file for dope.org? ns1.dope.org IN A 207.112.208.11 This would be translated as ns1.dope.org.dope.org, which will obviously cause problems. Also, if the domain name for the DB file is the same as the origin, you can replace it with an @ - Most often, this is used in SOA records, instead of the first name. If the first name in a record is a space or a tab, then the name from the previous record is used. This would be useful if there are multiple records for one name. You can use this even if they are different types of records. Example: dope.org. IN A 207.112.208.11 IN MX mail.dope.org. Here, the second record is assumed to be for dope.org. - Canonical Name (CNAME) - Used for aliases. <owner> <class> <ttl> CNAME <canonical-dname> www.dope.org. IN CNAME ns1.dope.org. ftp.dope.org. IN CNAME ns1.dope.org. CNAME records are used for aliased names. For example, if a web server is running on a machine with another name, the www hostname can be aliased to another machine. When the name server looks up a name and finds a CNAME record, it replaces the name with the aliased name, and then looks up the new name. For instance, when our nameserver looks up www.dope.org, it gets a CNAME record which points to ns1.dope.org. The server then looks up the address of ns1.dope.org. and returns both addresses. For the most part, using address records instead of CNAME records doesn't cause problems, since the resolver only really cares about finding the IP address. The exception to this is sendmail, which acts differently with alias records. Sendmail usually replaces aliases in mail headers with the canonical name, and this can only happen if the name actually has CNAME records for it. - Pointer (PTR) - Provides translation from IP address to host name. <owner> <class> <ttl> PTR <dname> 11.208.112.207.in-addr.arpa. IN PTR ns1.dope.org. PTR records are located in the reverse lookup db files for IP blocks. The file db.207.112.208 would contain information about all the hosts in that network. Pointer records are used in these files to map IP addresses to names. There is only one record for each IP address. Also, the ip addresses should only point to the real (canonical) name. If this is a multihomed host, the other IP address(es) will go in the reverse lookup files for the other networks. - Host Information (HINFO) - Provides information about the server, from what i have seen, this is not used very often. You can put whatever you want in here really, but it is not a very common query type. <owner> <class> <ttl> HINFO <cpu> <os> ns1.dope.org. IN HINFO 586/200 BSD/OS - Mail Exchange (MX) - Mail exchange records are used to specify a host, or a list of hosts, which are configured to receive email for this domain. For example: <owner> <class> <ttl> MX <preference> <exchange-dname> dope.org. IN MX 5 mail.anet-chi.com. dope.org. IN MX 10 mail.dope.org. This shows that mail.anet-chi.com knows how to deliver or relay email for dope.org, and is the preferable server. That is, email will first be directed to mail.anet-chi.com, since it has the higher preference, and will be directed to mail.dope.org if it cannot be delivered to the first mail exchange. The preference value is the order that a mailer should follow when there is more than one way to send mail to a single machine. Lower numbers indicate a higher preference, hence a mail exhchange with a lower preference number will take priority over others in mail delivery. - Here is an example of a complete forward named database for a domain. ; @ IN SOA ns1.dope.org. hostmaster.dope.org. ( 9705170 ; Serial number-YYYYMMDDHHHH 3600 ; Refresh every 2 days 3600 ; Retry every hour 36000 ; Expire every 20 days 36000 ); Minimum 2 days ; IN NS ns1.dope.org. IN NS ns1.dope.org. IN MX 5 ns1.dope.org. IN MX 10 mail.dope.org. IN A 207.112.208.11 ; ftp IN A 207.227.148.245 mail IN A 207.227.148.245 www IN A 207.112.208.11 --- The BIND Boot File Once you have created the db files, you must tell the nameserver to load the information in them. It might be worth noting that the boot file is only present in BIND, and not other nameservers. Then again, BIND is the most popular and most effective by far, so this makes sense. Anyway, the boot file basically just defines the zones to load and where the nameserver can find the files. It also specifies where the cache file is. In unix, BIND will assume this file to be /etc/named.boot - however, you can give it a commandline option to change it. It isn't really a bad idea to leave it in /etc, but i guess it's up to you. I put the db files in /etc/named, you can put them wherever you want. It makes no difference to the system, just as long as you specify it in the boot file. Here is a complete boot file. ; ; named boot file ; directory /etc/named ; ; db files to read ; primary dope.org db.dope.org primary toxygene.org db.toxygene.org primary 208.112.207.in-addr.arpa db.207.112.208 ; cache . db.cache ; ;end ; --- Operation Okay, so now that we have established all the major components of DNS, Let's see how it works. Say a user on workstation.dope.org is transferring files to/from a remote site. We'll make the remote site remote.site.com in this case. When the user enters remote.site.com into his file transfer client program, a DNS query is initiated. Here is how the DNS query goes: 1> workstation.dope.org - Sends query for translation of remote.site.com to local nameserver ns.dope.org. 2> ns.dope.org - Queries root server and determines nameserver for site.com. 3> ns.dope.org - Queries remote nameserver ns.site.com with remote.site.com. 4> ns.site.com - Translates remote.site.com into IP address and returns answer to ns.dope.org. 5> ns.dope.org - Returns translated IP address to workstation.dope.org. Now, this is in an ideal situation. In the real world, often, the primary nameserver is down or not responding. In the case of a timeout during a query, the nameserver will instead ask the secondary server. Each client machine on a tcp/ip network that uses DNS must have the address of the nameserver programmed into its resolver software. On almost all unix systems, the file with this information is /etc/resolv.conf. On PC platforms, the nameserver information is usually stored in the dialer configuration. --- Other Useful Information: - Whois: Whois is a program run by a client machine that contacts the nameserver for the speficied domain and retrieves information about the domain. This information includes organization info, contact names/email, addresses/etc, and primary/secondary nameservers. The whois service is run by the InterNIC. It can also be used for looking up information on blocks of IP addresses. Here are a few examples of whois queries: dope% whois dope.org The DOPE Organization (DOPE3-DOM) P.O. Box 31337 Lamersville, IL 60069 Domain Name: DOPE.ORG Administrative Contact, Technical Contact, Zone Contact: Dope Admin (DA31337) eleetwebd00d@dope.org 847-256-5928 (FAX) 000-000-0000 Billing Contact: Dope Admin (DA31337) eleetwebd00d@dope.org 847-256-5928 (FAX) 000-000-0000 Record last updated on 31-Jan-97. Record created on 31-Jan-97. Database last updated on 30-Dec-97 05:36:07 EDT. Domain servers in listed order: ZEUS.ANET-CHI.COM 207.7.4.6 ZEUS.ANET-DFW.COM 206.97.156.6 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. dope% whois net 207.112.208 NAP.NET, LLC (NETBLK-CNAP-NN03) CNAP-NN03 207.112.128.0 - 207.112.255.0 Western Pacific Network Services (NETBLK-ANETCH-NN0416-NET) ANETCH-NN0416-NET 207.112.208.0 - 207.112.211.255 To single out one record, look it up with "!xxx", where xxx is the handle, shown in parenthesis following the name, which comes first. The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Whois can also retrieve information on domain contacts, like name, address, telephone number, and email address. Whois also accepts wildcards for domain names and contact names, and will reply with a list of matches. For instance, the command "whois bob smith" would return a list of all domain contacts listed with the name "bob smith" and their NIC handles. When you register a domain name, you receive a NIC handle that helps expedite future domain registrations. A NIC handle is in the format of First-Initial, Last-Initial, Number - So Bob Smith's NIC handle might look something like BS4901. Typing "whois BS4901" will display all of the listed information for that person. - Nslookup and dig: Nslookup is a utility, originally coded for unix, that allows you to manually query a nameserver. There are two modes, interactive and non-interactive mode. Interactive mode gives you a sort of shell from which you can query the remote server, set options, etc. In the non-interactive mode, nslookup simply returns the requested information for the host or domain. Non-interactive mode is used when the first argument given to the command is the domain or address. It looks something like this: dope% nslookup www.dope.org Server: ns.dope.org Address: 0.0.0.0 Name: www.dope.org Address: 207.112.208.11 (Note: nslookup returns 0.0.0.0 as the server address when the name server is running on the local machine) There are many commands you can use in interactive mode. The manual pages for your unix should provide you with specifics, but here are a few commands. server [domain] - Changes the nameserver being queried to [domain]. ls [option] domain [> filename] - Lists information available for specified domain, prints hostnames and IP addresses. By using file redirection arrows ( >filename, >>filename ) you can redirect the output to a file. Options: -t [querytype] - Sets the query type. These include A, CNAME, PTR, etc.. -d - Lists all records available for domain. set keyword[=value] - Sets options for lookups. Keywords: class=value - Change the query class (IN, CHAOS, HESIOD, ANY) [no]debug - Turn debugging mode on [or off] [no]d2 - Turn exhaustive debugging on [or off] domain=name - Change default domain name type - Set query type (A, CNAME, MX, etc) retry=number - Set number of retries before giving up exit - guess. help - "" Here is an example of some fun stuff you can do with nslookup. dope% nslookup Default Server: ns.dope.org Address: 0.0.0.0 > server victim.com Default Server: victim.com Address: 201.0.0.1 > ls victim.com [victim.com] victim.com. server = victim.com victim.com. server = ns2.victim.com victim.com. 201.0.0.1 hackme 201.0.0.5 please 201.0.0.6 my 201.0.0.8 dns 201.0.0.9 admin 201.0.0.11 is 201.0.0.12 an 201.0.0.15 idiot 201.0.0.17 So, you see, nslookup can be a useful tool. It can be used to gather lots of information on a domain. If the dns administrator has not secured the server against this kind of queries, (and in most cases they dont) you can obtain a complete list of every hostname under that domain. Dig (Domain Information Groper) is another unix tool which you can use to gather information from dns servers. Dig has a simple interactive mode, and a batch mode which executes a list of queries. It works much similar to nslookup, but has more options and features. For exact syntax, refer to the manual pages for dig on your unix system. --- Summary Well, if you actually read all of this, I hope you learned something. :) DNS is a protocol crucial to the smooth operation of the internet. People who know DNS and BIND are very much in demand at this time, as are most people who are skilled in unix and the internet. Poor DNS administration can result in major network disruptions, denial of service, and other unpleasant things that administrators don't like. This text is probably not detailed enough if you really want to learn DNS inside and out. If you are looking at becoming a DNS administrator, or even just setting up BIND to play around with, I highly recommend O'Reilly Books' DNS and BIND by Albitz and Liu. It contains just about every piece of information and advice that you could possibly want on the topic of DNS, and there is an updated version released in early 1997.. Also, I would suggest reading all of the related RFC's, especially RFC1034 and RFC1035. These are the blueprints for the way the Internet is structured. Anyway, thanks for taking the time to read this, and if you have any questions/comments/complaints/suggestions, please contact me through email. Peace.. stash stash@dope.org --- GLOSSARY BIND: Berkeley Internet Name Domain DB: DataBase DNS: Domain Name System FQDN: Fully-Qualified Domain Name ISC: Internet Software Consortium NIC: Network Information Center NS: Name Server RFC: Request For Comment TLD: Top-Level Domain TCP/IP: Transmission Control Protocol/Internet Protocol --- Pseudo-Bibliography These sources were used for background info, paraphrasing, and stuff like that. 1. DNS and BIND - By Paul Albitz & Cricket Liu - O'Reilly & Associates, Inc. ISBN 1-56592-236-0 2. comp.protocols.tcp-ip.domains FAQ - Maintained by cdp@pfmc.net ftp : rtfm.mit.edu : /pub/usenet/news.answers/internet/tcp-ip/domains-faq 3. RFC-1035 "Domain names - Implementation and Specification" 4. BSD/OS Nslookup manual page - Andrew Cherenson * END SECTION 5 * ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ S E C T I O N S I X news topix - for and about the scene compiled through various sources ╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫x╫ Carding Spy Satellite Photo's! 12/97 It was really just a matter of time before someone did this. The irony is that it is completely legal. This past month was the launching of the world's first commercial spy satellite. Grab your American Express and you can visually ownz just about anyone. This first satellite launched is known as "EarlyBird 1" and can actually snag 10 feet across pictures while it sails 295 miles above us. The sad part is that this is actually of avail to people via the web. Before you purchase any images you must register with Earthwatch, Inc. Images they already have that you may be looking for may cost as little as a few dollars, but although their site isn't even fully up and running with exact pictures of what people want, people are putting in orders with their credit cards and paying up to three hundred dollaz for this. It is definately going to be utilized by more than the common overly rich individual however. This service is going to be available to everyone via the website of www.digitalglobe.com. EarlyBird 1 was launched from a military base in Russia and many other satellites are soon to launch from various other countries. One problem is the manipulation of possible credit card fraud being utilized just so people can spy without having any link back to them as long as they register completely with the card owners info. Right now, the United States Government has allowed the use of this satellite system in most areas of the nation, except ones of a tender nature (of course, that's a gimme). The USA is also screening all foreign customers of EarthWatch Inc., which is based out of Longmont, Colorado. Happy ownzing peoples! * END SECTION 6 * ¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼, _ _______ ______ ___ ___ ____ _ /___/ /___/ / / /__) /_ _ __/ _/ \ _/__/ _/__) _/____ _ _ _ / I N D U S T R I E S ¼,¼,¼,¼,¼,¼,¼,¼,/¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼,¼, M A G A Z I N E P H I L E S 1 9 9 8 y0 p33ps! please check out our dope web site! http://dope.org/pimp site has: back issues in the archives new issues as soon as they come out pimp member listing with email links and web links phat links to other sites of interest pix of pimps and chicago, pimp whq mailing list for pimp inpho's etc.. etc.. good phun, hit the damn site already! thanx to stash for providing space for our site! ╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫ ╫ ╫ ╫ the following boards listed hold true to the scene and if you ╫ ╫ are deep into h/p and the likes, i suggest you give them a call. ╫ ╫ some are gone and i haven't kept up with all of them.. most ╫ ╫ should be all good. ╫ ╫ -fringe ╫ ╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫ Apocalypse 2ooo - H/P/Rave/Ska/Punk/home of the PIMPS! pimp ownzed by subhuman, jello biafra, fringe, the whole crew! +1-847-831-0484 - *NO* ratio. 1 gig online. for more info: http://dope.org/fringe/apoc.html ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the Apoc2k homepage (Note: we may be changing our number again, but this would mean a possible telnet line.. so it'll be all good) The Centre' - H/P pimp ownzed by luthor! more than a gig online plus cd's. +000-PRI-VATE Poison Pen - H/P, *NO* ratio +1-847-966-2095 Moo 'n' Oink - H/P pimp ownzed by stash! +1-847-256-5928 Microcosm - H/P +1-904-484-5548 Underworld 96 **(514) toast** Aneurysm - H/P - NUP: Discipline +1-514-458-9851 Last Territory - H/P +1-514-565-9754 Linoleum - H/P **(704) toast** Hacker's Haven - H/P +1-303-343-4053 Digital Disturbance - H/P **(516) toast** Hacker's Hideaway - H/P +1-416-534-0417 TOTSE - H/P and crazy other amounts of info +1-510-935-5845 The Switchboard - H/P +31 ***TOAST*** and will be missed. Arrested Development - H/P +31 ***TOAST*** and will be missed. ----- If you'd like to write for PIMP, you can send any and all worx to pimp@dope.org all worx will be looked at and considered. all credit is always going to be given to whomever the giver is, unless you would rather not be known. PIMP Issue numbah sixteen - out.