Questioning Our Secret Service.
Published on: 1192604434
So what, I thought. Let's take a shot at our national secret service (AIVD.NL), since I had ideas that they would mess up security beyond all measure, like all governments do. I will keep it short and only show a simple SMTP reconnaissance, because I cannot launch exploits and such; then they will come after me for sure. The problem that they face is that their website is probably hosted virtually: they share name servers and mail servers with 100+ other websites. I only ran 100 DNS lookups; it could run into the thousands. You would expect them to get a dedicated pipe, with a full VPN with ElGamal 4096-bit keys. Maybe they have that also, I don't know, since they operate "secret". But I doubt it, I really doubt it when I saw this.
So let's check the mail servers and name servers:
base     record  name                      ip               network
AIVD.NL
         NS      ns1.vianetworks.nl        212.61.15.8    - 212.61.0.0/16
                 ns1.vianetworks.nl        212.61.25.226  - 212.61.0.0/16
                 ns2.vianetworks.nl        212.61.25.226  - 212.61.0.0/16
         MX      relay.vianetworks.nl      212.61.9.19    - 212.61.0.0/16
                 relay-new.vianetworks.nl
         MX      mailhub.vianetworks.nl
So, first off, I tried to see if they have an open relay, which means I could use their mail server to spam the globe, or send fake emails to certain institutions. I did not find one, so that is good for them. But, and this is crucial: since they are hosted virtually next to other websites that sell pizzas, a local soccer club and 100+ other silly sites, I could target them, and spoof e-mail in the name of our secret service. Ah, that is nice! This is the pitfall of shared hosting, because they also share mail servers. Damn! Are they insane or whatever? I could not believe my eyes.
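For a domain owner who wants to check their own exposure to the shared-hosting problem described above, here is an added example (not part of the original post) that audits an NS/MX record set for provider-owned hostnames, IPs reused across hostnames and lack of network diversity. The records are transcribed from the table on this page; the `audit` function and the rule that an untyped row inherits the record type of the row above it are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Records transcribed from the table on this page. Assumption: a row with no
# record type inherits the type of the row above it; None = no IP listed.
RECORDS = [
    ("NS", "ns1.vianetworks.nl", "212.61.15.8"),
    ("NS", "ns1.vianetworks.nl", "212.61.25.226"),
    ("NS", "ns2.vianetworks.nl", "212.61.25.226"),
    ("MX", "relay.vianetworks.nl", "212.61.9.19"),
    ("MX", "relay-new.vianetworks.nl", None),
    ("MX", "mailhub.vianetworks.nl", None),
]


def audit(domain, records, prefix=16):
    """Return shared-infrastructure findings for one domain's NS/MX set."""
    domain = domain.lower().rstrip(".")
    external = defaultdict(set)   # record type -> hosts outside the domain
    by_ip = defaultdict(set)      # (type, ip) -> hostnames answering there
    networks = set()              # distinct enclosing networks of all IPs
    for rtype, host, ip in records:
        host = host.lower().rstrip(".")
        # A host that is not the domain or a subdomain of it belongs to a
        # third party, so its configuration is shared with other customers.
        if host != domain and not host.endswith("." + domain):
            external[rtype].add(host)
        if ip is not None:
            by_ip[(rtype, ip)].add(host)
            networks.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    return {
        "external_hosts": {t: sorted(h) for t, h in external.items()},
        # One IP behind several names means less redundancy than it appears.
        "shared_ips": {ip: sorted(h) for (_, ip), h in by_ip.items() if len(h) > 1},
        "networks": sorted(str(n) for n in networks),
        "single_network": len(networks) == 1,
    }


if __name__ == "__main__":
    report = audit("aivd.nl", RECORDS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the table's data this reports every NS and MX host as external to the domain, all listed IPs inside 212.61.0.0/16, and ns1 and ns2 both answering on 212.61.25.226.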
The shared list: 100+ domain sharing mailservers and