Path: csiph.com!4.us.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!feeds.news.ox.ac.uk!news.ox.ac.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: Fred Morris <m3047@m3047.net>
Newsgroups: comp.protocols.dns.bind
Subject: Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
Date: Fri, 5 Jun 2020 09:16:37 -0700 (PDT)
Lines: 27
Approved: bind-users@lists.isc.org
Message-ID: <mailman.496.1591373781.942.bind-users@lists.isc.org>
References: <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> <alpine.LSU.2.21.2006050904310.20305@flame.m3047>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-Trace: usenet.stanford.edu 1591373805 17742 149.20.1.60 (5 Jun 2020 16:16:45 GMT)
X-Complaints-To: action@cs.stanford.edu
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Return-Path: <m3047@m3047.net>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
X-X-Sender: m3047@flame.m3047
In-Reply-To: <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <alpine.LSU.2.21.2006050904310.20305@flame.m3047>
X-Mailman-Original-References: <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com>
Xref: csiph.com comp.protocols.dns.bind:15820

Hrmmm... I'm reminded of something else I've seen reported on recently...

On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
> localhost.cyberia.net.sa

I don't know if you've been paying attention, but it's been reported that 
among others EBay has been port scanning visitor's devices [0]. Having 
localhost.ebay.com could be handy for them in terms of circumventing some 
rules on setting of cookies and the execution of scripts. Not saying 
that's what they're doing, heaven forbid.

Any domain you visit could have entries in it which point to e.g. 
localhost or nonrouting addresses commonly used for gateways, things like 
that.

This is not a DNS problem, it's a problem in what commonly used programs 
aid and abet in the name of "freedom of commerce" or something.

--

Fred Morris

--

[0] 
https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/