Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
ler762 at gmail.com
Sat Jun 6 00:33:21 UTC 2020
On 6/5/20, Fred Morris <m3047 at m3047.net> wrote:
> Hrmmm... I'm reminded of something else I've seen reported on recently...
> On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
> I don't know if you've been paying attention, but it's been reported that
> among others EBay has been port scanning visitor's devices . Having
> localhost.ebay.com could be handy for them in terms of circumventing some
> rules on setting of cookies and the execution of scripts. Not saying
> that's what they're doing, heaven forbid.
> Any domain you visit could have entries in it which point to e.g.
> localhost or nonrouting addresses commonly used for gateways, things like
> This is not a DNS problem, it's a problem in what commonly used programs
> aid and abet in the name of "freedom of commerce" or something.
It's possible to block with rpz & something else that I can't recall
right now. I did RPZ blocking first, so I didn't bother changing
; return NXDOMAIN for any 127.0.0.0/8 answers
onea.net-snmp.org CNAME rpz-passthru.
twoa.net-snmp.org CNAME rpz-passthru.
localhost CNAME rpz-passthru.
126.96.36.199.127.rpz-ip CNAME . ; 127.0.0.0/8
; localhost 127.0.0.1
; onea.net-snmp.org 127.0.0.1
; twoa.net-snmp.org 127.0.0.2 127.0.0.3
All my other host names that used to return 127.0.0.1 answers don't
any more :( Anyone know some valid names I can use for testing?
More information about the bind-users