On 6/5/20, Fred Morris <m3...@m3047.net> wrote:
> Hrmmm... I'm reminded of something else I've seen reported on recently...
>
> On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
>> localhost.cyberia.net.sa
>
> I don't know if you've been paying attention, but it's been reported that
> among others EBay has been port scanning visitor's devices [0]. Having
> localhost.ebay.com could be handy for them in terms of circumventing some
> rules on setting of cookies and the execution of scripts. Not saying
> that's what they're doing, heaven forbid.
>
> Any domain you visit could have entries in it which point to e.g.
> localhost or nonrouting addresses commonly used for gateways, things like
> that.
>
> This is not a DNS problem, it's a problem in what commonly used programs
> aid and abet in the name of "freedom of commerce" or something.

It's possible to block with rpz & something else that I can't recall
right now.  I did RPZ blocking first, so I didn't bother changing

;  return NXDOMAIN for any 127.0.0.0/8 answers
;    exceptions:
onea.net-snmp.org       CNAME   rpz-passthru.
twoa.net-snmp.org       CNAME   rpz-passthru.
localhost               CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip      CNAME   .       ;  127.0.0.0/8
;   check:
;     localhost           127.0.0.1
;     onea.net-snmp.org   127.0.0.1
;     twoa.net-snmp.org   127.0.0.2 127.0.0.3

All my other host names that used to return 127.0.0.1 answers don't
any more :(  Anyone know some valid names I can use for testing?

Lee
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to