
Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

From Lee <ler762@gmail.com>
Newsgroups comp.protocols.dns.bind
Subject Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
Date 2020-06-05 20:33 -0400
Message-ID <mailman.498.1591403585.942.bind-users@lists.isc.org> (permalink)
References <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> <alpine.LSU.2.21.2006050904310.20305@flame.m3047> <CAD8GWsv7rbkBLc7vzqnoO9xy+vDU08ss215k_wcpzZztma7pyw@mail.gmail.com>



On 6/5/20, Fred Morris <m3047@m3047.net> wrote:
> Hrmmm... I'm reminded of something else I've seen reported on recently...
>
> On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
>> localhost.cyberia.net.sa
>
> I don't know if you've been paying attention, but it's been reported that
> among others EBay has been port scanning visitors' devices [0]. Having
> localhost.ebay.com could be handy for them in terms of circumventing some
> rules on setting of cookies and the execution of scripts. Not saying
> that's what they're doing, heaven forbid.
>
> Any domain you visit could have entries in it which point to e.g.
> localhost or nonrouting addresses commonly used for gateways, things like
> that.
>
> This is not a DNS problem, it's a problem in what commonly used programs
> aid and abet in the name of "freedom of commerce" or something.

It's possible to block with rpz & something else that I can't recall
right now.  I did RPZ blocking first, so I didn't bother changing

;  return NXDOMAIN for any 127.0.0.0/8 answers
;    exceptions:
onea.net-snmp.org       CNAME   rpz-passthru.
twoa.net-snmp.org       CNAME   rpz-passthru.
localhost               CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip      CNAME   .       ;  127.0.0.0/8
;   check:
;     localhost           127.0.0.1
;     onea.net-snmp.org   127.0.0.1
;     twoa.net-snmp.org   127.0.0.2 127.0.0.3

All my other host names that used to return 127.0.0.1 answers don't
any more :(  Anyone know some valid names I can use for testing?

Lee
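
An added example, not part of Lee's post: a small Python model of how the policy records above are evaluated, showing the rpz-ip owner-name encoding (prefix length, then the address octets reversed) and that a QNAME passthru record wins over the IP trigger in the same zone. It handles IPv4 and exact-name matches only; the function names and the test hostnames under example.test are assumptions made for illustration.

```python
import ipaddress

def rpz_ip_owner(cidr):
    """Encode an IPv4 CIDR as an RPZ IP-trigger owner name."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("IPv4 only in this sketch")
    octets = str(net.network_address).split(".")
    return ".".join([str(net.prefixlen)] + octets[::-1] + ["rpz-ip"])

def rpz_ip_network(owner):
    """Decode an IPv4 rpz-ip owner name back into a network object."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError("not an IPv4 rpz-ip owner: " + owner)
    return ipaddress.ip_network(".".join(labels[4:0:-1]) + "/" + labels[0])

# The records from the post, as (owner, CNAME target) pairs.
POLICY = [
    ("onea.net-snmp.org", "rpz-passthru."),
    ("twoa.net-snmp.org", "rpz-passthru."),
    ("localhost", "rpz-passthru."),
    ("8.0.0.0.127.rpz-ip", "."),
]
ACTIONS = {"rpz-passthru.": "PASSTHRU", ".": "NXDOMAIN"}

def decide(qname, answers, policy=POLICY):
    """Return PASSTHRU, NXDOMAIN or NO-MATCH for a name and its A answers."""
    qname = qname.rstrip(".").lower()
    # Within one policy zone, QNAME triggers are preferred over IP triggers,
    # which is why the passthru exceptions still resolve to 127.x.x.x.
    for owner, target in policy:
        if not owner.endswith("rpz-ip") and owner.lower() == qname:
            return ACTIONS[target]
    for owner, target in policy:
        if owner.endswith("rpz-ip"):
            net = rpz_ip_network(owner)
            if any(ipaddress.ip_address(a) in net for a in answers):
                return ACTIONS[target]
    return "NO-MATCH"

if __name__ == "__main__":
    # Constructed sample lookups; the example.test names are hypothetical.
    for name, addrs in [("localhost", ["127.0.0.1"]),
                        ("twoa.net-snmp.org", ["127.0.0.2", "127.0.0.3"]),
                        ("localhost.example.test", ["127.0.0.1"]),
                        ("www.example.test", ["192.0.2.10"])]:
        print(name, addrs, "->", decide(name, addrs))
```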
