Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
Lee
ler762 at gmail.com
Sat Jun 6 00:33:21 UTC 2020
On 6/5/20, Fred Morris <m3047 at m3047.net> wrote:
> Hrmmm... I'm reminded of something else I've seen reported on recently...
>
> On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
>> localhost.cyberia.net.sa
>
> I don't know if you've been paying attention, but it's been reported that
> among others eBay has been port scanning visitors' devices [0]. Having
> localhost.ebay.com could be handy for them in terms of circumventing some
> rules on setting of cookies and the execution of scripts. Not saying
> that's what they're doing, heaven forbid.
>
> Any domain you visit could have entries in it which point to e.g.
> localhost or nonrouting addresses commonly used for gateways, things like
> that.
>
> This is not a DNS problem, it's a problem in what commonly used programs
> aid and abet in the name of "freedom of commerce" or something.

It's possible to block with rpz & something else that I can't recall
right now. I did RPZ blocking first, so I didn't bother changing

; return NXDOMAIN for any 127.0.0.0/8 answers
;  exceptions:
onea.net-snmp.org    CNAME  rpz-passthru.
twoa.net-snmp.org    CNAME  rpz-passthru.
localhost            CNAME  rpz-passthru.
8.0.0.0.127.rpz-ip   CNAME  .   ; 127.0.0.0/8
; check:
;  localhost          127.0.0.1
;  onea.net-snmp.org  127.0.0.1
;  twoa.net-snmp.org  127.0.0.2 127.0.0.3

All my other host names that used to return 127.0.0.1 answers don't
any more :( Anyone know some valid names I can use for testing?

Lee
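
Added example, not part of Lee's message and not BIND code: a Python sketch that encodes and decodes the rpz-ip owner name used in the fragment above and evaluates that policy offline against constructed responses. The function names and the `.example` query names are assumptions made for illustration.

```python
import ipaddress

# Policy copied from the zone fragment in the message above.
PASSTHRU_QNAMES = {"onea.net-snmp.org", "twoa.net-snmp.org", "localhost"}
IP_TRIGGERS = {"8.0.0.0.127.rpz-ip": "NXDOMAIN"}  # "CNAME ." means NXDOMAIN


def rpz_ip_owner(cidr):
    """Encode an IPv4 CIDR as an rpz-ip owner: prefix length, then reversed octets."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    octets = str(net.network_address).split(".")
    return ".".join([str(net.prefixlen)] + octets[::-1]) + ".rpz-ip"


def parse_rpz_ip_owner(owner):
    """Decode an IPv4 rpz-ip owner name back into an ip_network."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError(f"not an IPv4 rpz-ip owner: {owner!r}")
    address = ".".join(reversed(labels[1:5]))
    return ipaddress.ip_network(f"{address}/{labels[0]}", strict=True)


def decide(qname, answers):
    """Return PASSTHRU, the matching IP trigger's action, or NO-MATCH."""
    name = qname.rstrip(".").lower()
    # Within one policy zone a QNAME trigger outranks an IP trigger,
    # which is why the passthru exceptions keep their 127.x answers.
    if name in PASSTHRU_QNAMES:
        return "PASSTHRU"
    addrs = [ipaddress.ip_address(a) for a in answers]
    # Try the most specific (longest-prefix) IP trigger first.
    triggers = sorted(((parse_rpz_ip_owner(o), act) for o, act in IP_TRIGGERS.items()),
                      key=lambda t: t[0].prefixlen, reverse=True)
    for net, action in triggers:
        if any(a.version == net.version and a in net for a in addrs):
            return action
    return "NO-MATCH"


if __name__ == "__main__":
    # Constructed responses; the .example names are placeholders, not real hosts.
    samples = [("localhost", ["127.0.0.1"]),
               ("twoa.net-snmp.org", ["127.0.0.2", "127.0.0.3"]),
               ("loopback.example", ["127.0.0.1"]),
               ("www.example", ["192.0.2.10"])]
    for qname, answers in samples:
        print(f"{qname:20} {' '.join(answers):22} {decide(qname, answers)}")
```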