瞅下腾讯的几个服务器

July 21, 2008 – 4:18

首先用nslookup看下qq.com

> set type=any
> qq.com
Server: UnKnown
Address: 192.168.1.1

————
//发送请求,以及发送的数据包简要描述:长度24
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
qq.com, type = ANY, class = IN

————
————
//反馈的信息,大小403bytes
Got answer (403 bytes):
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 6, authority records = 3, additional = 0

QUESTIONS:
qq.com, type = ANY, class = IN
ANSWERS:
-> qq.com
type = TXT, class = IN, dlen = 224
text =

“v=spf1 ip4:219.133.40.0/24 ip4:219.133.49.0/24 ip4:58.60.8.0/21 ip4:222
.202.96.0/24 ip4:121.14.73.0/24 ip4:121.14.74.0/24 ip4:121.14.76.0/23 ip4:64.71.
138.0/25 ip4:58.251.60.0/22 ip4:219.133.60.0/24 ip4:59.42.249.0/24 ~all”
ttl = 33260 (9 hours 14 mins 20 secs)
/*
spf(Sender Policy Framework)是为了防范垃圾邮件而提出来的一种DNS记录类型，它是一种TXT类型的记录，它用于登记某个域名拥有的用来外发邮件的所有IP地址。按照SPF的格式在DNS记录中增加一条TXT类型的记录，将提高该域名的信誉度，同时可以防止垃圾邮件伪造该域的发件人发送垃圾邮件。 SPF是跟DNS相关的一项技术，它的内容写在DNS的txt类型的记录里面。mx记录的作用是给寄信者指明某个域名的邮件服务器有哪些。SPF的作用跟 mx相反，它向收信者表明，哪些邮件服务器是经过某个域名认可会发送邮件的。由定义可以看出，SPF的作用主要是反垃圾邮件，主要针对那些发信人伪造域名的垃圾邮件。
*/
-> qq.com
type = A, class = IN, dlen = 4
internet address = 219.133.40.91
ttl = 11500 (3 hours 11 mins 40 secs)
//A记录这个就不用说啦吧(主机名（或域名）对应的IP地址记录)。
-> qq.com
type = MX, class = IN, dlen = 8
MX preference = 10, mail exchanger = mx0.qq.com
ttl = 5001 (1 hour 23 mins 21 secs)
//MX是邮件交换记录,它指向一个邮件服务器,用于电子邮件系统发邮件时根据收信人的地址后缀来定位邮件服务器。
-> qq.com
type = NS, class = IN, dlen = 15
nameserver = dns1.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
//NS(Name Server)记录是域名服务器记录,用来指定该域名由哪个DNS服务器来进行解析。
-> qq.com
type = NS, class = IN, dlen = 7
nameserver = dns3.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
-> qq.com
type = NS, class = IN, dlen = 7
nameserver = dns2.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
AUTHORITY RECORDS:
-> qq.com
type = NS, class = IN, dlen = 2
nameserver = dns3.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
-> qq.com
type = NS, class = IN, dlen = 2
nameserver = dns1.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
-> qq.com
type = NS, class = IN, dlen = 2
nameserver = dns2.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)

————
Non-authoritative answer:
//本机(网关)的DNS cache,如果想清除本机dns cache可以使用ipconfig /flushdns.
qq.com
type = TXT, class = IN, dlen = 224
text =

qq.com
type = NS, class = IN, dlen = 2
nameserver = dns3.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
qq.com
type = NS, class = IN, dlen = 2
nameserver = dns1.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
qq.com
type = NS, class = IN, dlen = 2
nameserver = dns2.imok.net
ttl = 5001 (1 hour 23 mins 21 secs)
>

//接着看下www.qq.com服务器

D:\nmap>nmap -sVC -O -T4 www.qq.com
//查询服务器开放端口的服务类型以及程序版本,以及脚本类型,系统类型,探测效率T4.
Starting Nmap at 2008-07-21 02:09 中国标准时间
Warning: Hostname www.qq.com resolves to 2 IPs. Using 60.28.234.98.
Interesting ports on 60.28.234.98:
Not shown: 1714 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http-proxy nginx http proxy 0.6.32
Warning: OSScan results may be unreliable because we could not find at least 1 o
pen and 1 closed port
Aggressive OS guesses: Smoothwall firewall (Linux 2.6.16.53) (98%), Linux 2.6.13
- 2.6.20 (98%), Linux 2.6.17 (x86) (97%), Linux 2.6.22 - 2.6.23 (97%), Siemens
Gigaset SE515dsl wireless broadband router (95%), Linux 2.6.9 - 2.6.11 (95%), Li
nux 2.6.9 - 2.6.15 (95%), Linux 2.6.15 - 2.6.20 (94%), Linux 2.6.11 - 2.6.22 (94
%), Linux 2.6.17 - 2.6.18 (94%)
No exact OS matches for host (test conditions non-ideal).
Uptime: 23.417 days (since Fri Jun 27 16:08:35 2008)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 19.969 seconds

//接着来看下mail.qq.com
D:\nmap>nmap -sVC -O -T4 mail.qq.com

Starting Nmap at 2008-07-21 02:13 中国标准时间
Insufficient responses for TCP sequencing (1), OS detection may be less accurate

Interesting ports on reverse.gdsz.cncnet.net (58.251.60.161):
Not shown: 1712 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open sip JAWS/1.0prebeta (Status: 404 Not Found)
110/tcp closed pop3
1 service unrecognized despite returning data.
SF-Port80-TCP:V=4.68%I=7%D=7/21%Time=4883806B%P=i686-pc-windows-windows%r(
SF:GetRequest,BFF,”HTTP/1\.1\x20200\x20OK\r\nConnection:\x20close\r\nDate:
SF:\x20Sun,\x2020\x20Jul\x202008\x2018:12:28\x20GMT\r\nContent-Type:\x20te
SF:xt/html\r\n\r\n<html>\n<head>\n<meta\x20http-equiv=\”Content-Type\”\x20
SF:content=\”text/html;\x20charset=gb2312\”\x20/>\n<link\x20rel=\”styleshe
SF:et\”\x20type=\”text/css\”\x20href=\”http://res\.mail\.qq\.com/zh_CN/htm
SF:ledition20080709/style/comm\.css\”\x20/>\n<link\x20rel=\”stylesheet\”\x
SF:20type=\”text/css\”\x20href=\”http://res\.mail\.qq\.com/zh_CN/htmlediti
SF:on20080709/style/skin0\.css\”\x20/>\n<!–script\x20language=\”javascrip
SF:t\”\x20src=\”http://res\.mail\.qq\.com/zh_CN/htmledition20080709/js/all
SF:\.js\”></script–>\n<title>QQ\xd3\xca\xcf\xe4</title>\n<style>\n</style
SF:>\n</head>\n<body\x20class=tipbg\x20style=\”text-align:center\”>\n<scri
SF:pt>\nvar\x20flagMsgbox\x20=\x20true;\nvar\x20fsuccesss\x20=\x20\”\”;\x2
SF:0</script>\n<script>\nvar\x20isMainFrameError\x20=\x20!top\.GetMainWin\
SF:x20\|\|\x20top\.GetMainWin\(\)\x20==\x20window\x20\|\|\x20top\x20==\x20
SF:window;\nif\x20\(isMainFrameError\)\n{\n\twindow\.onerror\x20=\x20funct
SF:ion\(msg,\x20url,\x20line\)\x20{return\x20true;};\n\twindow\.onload\x20
SF:=\x20function\(\)\n\t{\n\t\tdocument\.bod”)%r(FourOhFourRequest,10F,”HT
SF:TP/1\.0\x20404\x20Not\x20Found\r\nServer:\x20JAWS/1\.0prebeta\r\nConten
SF:t-type:\x20text/html\r\nContent-length:\x20174\r\n\r\n<html>\n<head><ti
SF:tle>Server\x20error\x20message</title></head>\n<body>\n<h1>Error\x20404
SF::\x20Not\x20Found</h1>\nThe\x20request\x20could\x20not\x20be\x20complet
SF:ed\x20because:\n\x20Document\x20not\x20found!\n</body>\n</html>\n”)%r(S
SF:IPOptions,104,”SIP/2\.0\x20404\x20Not\x20Found\r\nServer:\x20JAWS/1\.0p
SF:rebeta\r\nContent-type:\x20text/html\r\nContent-length:\x20164\r\n\r\n<
SF:html>\n<head><title>Server\x20error\x20message</title></head>\n<body>\n
SF:<h1>Error\x20404:\x20Not\x20Found</h1>\nThe\x20request\x20could\x20not\
SF:x20be\x20completed\x20because:\n\x20Not\x20Found\n</body>\n</html>\n”);
Aggressive OS guesses: Emprex ME1 Multimedia Enclosure media server (Linux 2.6.1
2) (91%), Linux 2.6.17 - 2.6.23 (90%), Linux 2.6.5 - 2.6.19 (90%), Secure Comput
ing SnapGear SG300 firewall (90%), Siemens Gigaset SE515dsl wireless broadband r
outer (90%), Belkin Wireless Pre-N Router (90%), FON La Fonera WAP (OpenWrt, Lin
ux 2.4.32) (88%), D-Link DSL-G624T wireless ADSL router (Linux 2.4.17) or Netgea
r DG834G WAP (firmware 4.01.19) (87%), Toshiba Magnia SG10 server appliance (Lin
ux 2.4.18) (87%), Linux 2.6.22 - 2.6.23 (86%)
No exact OS matches for host (test conditions non-ideal).

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 77.047 seconds

//接着来看下mx0.qq.com(qq邮件服务器)
D:\nmap>nmap -sVC -O -T4 mx0.qq.com

Starting Nmap at 2008-07-21 02:17 中国标准时间
Warning: Hostname mx0.qq.com resolves to 9 IPs. Using 58.251.63.172.
Insufficient responses for TCP sequencing (1), OS detection may be less accurate

Interesting ports on reverse.gdsz.cncnet.net (58.251.63.172):
Not shown: 1712 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
|_ SMTPcommands: EHLO mx15.qq.com, PIPELINING, SIZE 78643200, VRFY, 250 8BITMIME

80/tcp closed http
443/tcp closed https
Device type: media device
Running: Emprex Linux 2.6.X
OS details: Emprex ME1 Multimedia Enclosure media server (Linux 2.6.12)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 25.797 seconds

//接着来看下mx15.qq.com(内部的?只是在mx0.qq.com的回应中看到,很有可能还有mx14.qq.com… )
//表面上看这上边的服务要比mx0多呀,ssh,http,1234,…
D:\nmap>nmap -sVC -O -T4 mx15.qq.com

Starting Nmap at 2008-07-21 02:20 中国标准时间
Warning: Giving up on port early because retransmission cap hit.
Insufficient responses for TCP sequencing (2), OS detection may be less accurate

Interesting ports on 202.111.148.132:
Not shown: 1446 closed ports, 263 filtered ports
PORT      STATE SERVICE          VERSION
22/tcp    open ssh              SunSSH 1.1 (protocol 2.0)
80/tcp    open http?
|_ HTML title: Site doesn’t have a title.
1234/tcp open tcpwrapped
8009/tcp open ajp13?
8080/tcp open http-proxy?
32776/tcp open sometimes-rpc15?
Device type: general purpose
Running (JUST GUESSING) : FreeBSD 6.X (87%)
Aggressive OS guesses: FreeBSD 6.2-RELEASE (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime: 157.260 days (since Thu Feb 14 20:12:02 2008)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 374.172 seconds

//接着看DNS服务器
D:\nmap>nmap -sVC -O -T4 dns1.imok.net

Starting Nmap at 2008-07-21 02:33 中国标准时间
Insufficient responses for TCP sequencing (2), OS detection may be less accurate

Interesting ports on 219.133.40.202:
Not shown: 1461 filtered ports, 253 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain
Device type: media device
Running: Emprex Linux 2.6.X
OS details: Emprex ME1 Multimedia Enclosure media server (Linux 2.6.12)
Uptime: 94.202 days (since Thu Apr 17 21:42:39 2008)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 35.703 seconds

//难道这个是win服务器还把135-139给过滤啦!,此地无银300两,内网中?
D:\nmap>nmap -sVC -O -T4 dns2.imok.net

Starting Nmap at 2008-07-21 02:34 中国标准时间
Interesting ports on 61.152.100.5:
Not shown: 1696 closed ports
PORT     STATE    SERVICE        VERSION
42/tcp   filtered nameserver
53/tcp   open     domain
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
1068/tcp filtered instl_bootc
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
3128/tcp filtered squid-http
4444/tcp filtered krb524
5800/tcp filtered vnc-http
5900/tcp filtered vnc
6699/tcp filtered napster
7003/tcp filtered afs3-vlserver
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.21 - 2.4.33, Linux 2.4.28 - 2.4.30
Uptime: 278.438 days (since Tue Oct 16 16:04:56 2007)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 29.375 seconds

D:\nmap>nmap -sVC -O -T4 dns3.imok.net

Starting Nmap at 2008-07-21 02:37 中国标准时间
Interesting ports on 218.30.72.181:
Not shown: 1450 filtered ports, 264 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 123.691 days (since Wed Mar 19 10:02:37 2008)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 34.391 seconds

//看下顶级域
D:\nmap>nmap -sVC -O -T4 qq.com

Starting Nmap at 2008-07-21 02:40 中国标准时间
Interesting ports on 219.133.40.91:
Not shown: 1714 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
|_ HTML title: 302 Found
Warning: OSScan results may be unreliable because we could not find at least 1 o
pen and 1 closed port
Device type: WAP
Running: Linux 2.4.X
OS details: Buffalo WHR-HP-G54 WAP or Linksys WRT54GL WAP running DD-WRT Linux 2
.4.20 - 2.4.34
Uptime: 51.594 days (since Fri May 30 12:25:37 2008)

OS and Service detection performed
.
Nmap done: 1 IP address (1 host up) scanned in 16.218 seconds

D:\nmap>

ok,myblog:http://clin003.com/
没有恶意,学习用nslookup和nmap

（PS：几个DNS不是标配啊，:-0 ）

附：
219.133.40.0 广东省深圳市电信(宝安区)

219.133.49.0 广东省深圳市电信(宝安区)

58.60.8.0 广东省深圳市电信

222.202.96.0 # 查询结果3：广东省深圳市腾讯公司教育网接口

121.14.73.0 广东省深圳市电信IDC机房

121.14.74.0 广东省深圳市电信IDC机房

121.14.76.0 广东省深圳市电信IDC机房

64.71.138.0 美国加洲