FW: Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-11 Thread Renters Inquiries
Dear Valued Customer,


Thank you for your inquiry. Please let us know how we may assist you.


If you have a Renter’s policy, you can manage your policy online 24/7 at: 
https://www.myassurantpolicy.com/

You have access to a range of service options including:

  * View/update policy information
  * Manage your payments
  * Obtain proof of insurance
  * And much more



Thank you for allowing us the opportunity to serve you.


Sincerely,

Insurance Services

Assurant - Global Specialty Operations




--- Original Message ---
From: Fred Morris
Received: Fri Jun 05 2020 12:17:17 GMT-0400 (Eastern Daylight Time)
To: Bhangui, Sandeep - BLS CTR via bind-users
Subject: Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

Hrmmm... I'm reminded of something else I've seen reported on recently...

On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
> localhost.cyberia.net.sa

I don't know if you've been paying attention, but it's been reported that
among others EBay has been port scanning visitor's devices [0]. Having
localhost.ebay.com could be handy for them in terms of circumventing some
rules on setting of cookies and the execution of scripts. Not saying
that's what they're doing, heaven forbid.

Any domain you visit could have entries in it which point to e.g.
localhost or nonrouting addresses commonly used for gateways, things like
that.

This is not a DNS problem, it's a problem in what commonly used programs
aid and abet in the name of "freedom of commerce" or something.

--

Fred Morris

--

[0]
https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-05 Thread Lee
On 6/5/20, Fred Morris wrote:
> Hrmmm... I'm reminded of something else I've seen reported on recently...
>
> On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
>> localhost.cyberia.net.sa
>
> I don't know if you've been paying attention, but it's been reported that
> among others EBay has been port scanning visitor's devices [0]. Having
> localhost.ebay.com could be handy for them in terms of circumventing some
> rules on setting of cookies and the execution of scripts. Not saying
> that's what they're doing, heaven forbid.
>
> Any domain you visit could have entries in it which point to e.g.
> localhost or nonrouting addresses commonly used for gateways, things like
> that.
>
> This is not a DNS problem, it's a problem in what commonly used programs
> aid and abet in the name of "freedom of commerce" or something.

It's possible to block with rpz & something else that I can't recall
right now.  I did RPZ blocking first, so I didn't bother changing

;  return NXDOMAIN for any 127.0.0.0/8 answers
;exceptions:
onea.net-snmp.org   CNAME   rpz-passthru.
twoa.net-snmp.org   CNAME   rpz-passthru.
localhost   CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip  CNAME   .   ;  127.0.0.0/8
;   check:
; localhost   127.0.0.1
; onea.net-snmp.org   127.0.0.1
; twoa.net-snmp.org   127.0.0.2 127.0.0.3

All my other host names that used to return 127.0.0.1 answers don't
any more :(  Anyone know some valid names I can use for testing?

Lee
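
An added example, not part of Lee's message or of BIND itself: a simplified Python model of how the policy lines above treat a response. It decodes the IPv4 rpz-ip owner name into a network and lets a QNAME passthru win over the address trigger; the function names are hypothetical and only IPv4 triggers are handled.

```python
import ipaddress

# Lee's policy lines, copied from the message above (comments stripped).
RPZ_RECORDS = """
onea.net-snmp.org   CNAME   rpz-passthru.
twoa.net-snmp.org   CNAME   rpz-passthru.
localhost           CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip  CNAME   .
"""

def decode_rpz_ip(owner):
    """'8.0.0.0.127.rpz-ip' -> IPv4Network('127.0.0.0/8') (IPv4 only)."""
    labels = owner.split(".")[:-1]              # drop the 'rpz-ip' label
    prefix_len, octets = int(labels[0]), labels[1:]
    return ipaddress.ip_network(".".join(reversed(octets)) + "/" + str(prefix_len))

def load_policy(text):
    """Split the records into passthru names and NXDOMAIN address ranges."""
    passthru, blocked = set(), []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) != 3 or fields[1].upper() != "CNAME":
            continue
        owner, _, target = fields
        if owner.endswith(".rpz-ip") and target == ".":
            blocked.append(decode_rpz_ip(owner))
        elif target == "rpz-passthru.":
            passthru.add(owner.lower().rstrip("."))
    return passthru, blocked

def apply_policy(qname, answers, policy):
    """Return 'PASSTHRU', 'NXDOMAIN' or 'NOERROR' for one response."""
    passthru, blocked = policy
    if qname.lower().rstrip(".") in passthru:   # QNAME trigger wins over rpz-ip
        return "PASSTHRU"
    for addr in answers:
        if any(ipaddress.ip_address(addr) in net for net in blocked):
            return "NXDOMAIN"
    return "NOERROR"

POLICY = load_policy(RPZ_RECORDS)
```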


Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-05 Thread Fred Morris

Hrmmm... I'm reminded of something else I've seen reported on recently...

On Fri, 5 Jun 2020, Ejaz Ahmed wrote:
> localhost.cyberia.net.sa


I don't know if you've been paying attention, but it's been reported that 
among others EBay has been port scanning visitor's devices [0]. Having 
localhost.ebay.com could be handy for them in terms of circumventing some 
rules on setting of cookies and the execution of scripts. Not saying 
that's what they're doing, heaven forbid.


Any domain you visit could have entries in it which point to e.g. 
localhost or nonrouting addresses commonly used for gateways, things like 
that.


This is not a DNS problem, it's a problem in what commonly used programs 
aid and abet in the name of "freedom of commerce" or something.


--

Fred Morris

--

[0] 
https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/




Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-05 Thread Matus UHLAR - fantomas

On 05.06.20 11:54, Ejaz Ahmed wrote:
> Some one is claiming that our name server 212.118.64.2 is vulnerable
> with below information is this true

it's not the nameserver. It's the domain "cyberia.net.sa" that has
"localhost" in it pointing to 127.0.0.1

This is useless. The localhost hostname should not exist in domains other
than "localhost." that should be configured on recursive servers.

> Any suggestions would be appreciated

simply remove the "localhost" record from cyberia.net.sa and possibly other
domains.

> Dear CYBERIA GROUP Security Team ,
>
> I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability
> on your website that is DNS Misconfiguration .
>
> Your localhost.cyberia.net.sa has
> address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can also
> ping the localhost network.
>
> Here is detailed description of this minor security issue :
> http://www.securityfocus.com/archive/1/486606/30/0/threaded
>
> Find attached POC Video.
>
> Dear Team Waiting for your response and I want bounty(money) with an
> Appreciation letter for my work and effort which I have given for
>
> Thanks in advance
> Ejaz


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
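
An added example, not part of the thread: one way to find records like the localhost entry discussed above before someone else reports them, by scanning zone data for A/AAAA records that point at loopback, RFC 1918 or link-local space. The zone text, the example.test. origin and the function names are constructed for illustration, and the parser only handles one-line records with an explicit owner name.

```python
import ipaddress

# Constructed sample zone data; only the localhost -> 127.0.0.1 pattern
# comes from the thread.
SAMPLE_ZONE = """
$TTL 3600
@           IN  NS    ns1.example.test.
www         IN  A     192.0.2.80
localhost   IN  A     127.0.0.1
gw    300   IN  A     192.168.1.1
v6lo        IN  AAAA  ::1
mail        IN  MX    10 mx.example.test.
"""

INTERNAL_NETS = {
    "loopback": ["127.0.0.0/8", "::1/128"],
    "rfc1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
}

def classify(address):
    """Return the label of the internal range holding address, else None."""
    ip = ipaddress.ip_address(address)
    for label, nets in INTERNAL_NETS.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return None

def audit_zone(zone_text, origin):
    """Return (fqdn, address, label) for A/AAAA records pointing inward."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()      # strip comments, tokenize
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        # TTL and class are optional, so look for the type between owner and rdata.
        if not {"A", "AAAA"} & {f.upper() for f in fields[1:-1]}:
            continue
        label = classify(fields[-1])
        if label:
            owner = fields[0]
            if owner == "@":
                fqdn = origin
            else:
                fqdn = owner if owner.endswith(".") else owner + "." + origin
            findings.append((fqdn, fields[-1], label))
    return findings
```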


Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-05 Thread Ejaz Ahmed
Some one is claiming that our name server 212.118.64.2 is vulnerable
with below information is this true

Any suggestions would be appreciated

Thanks in advance

Ejaz


Dear CYBERIA GROUP Security Team ,

I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability
on your website that is DNS Misconfiguration .

Your localhost.cyberia.net.sa has
address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can also
ping the localhost network.

Here is detailed description of this minor security issue :
http://www.securityfocus.com/archive/1/486606/30/0/threaded

Find attached POC Video.

Dear Team Waiting for your response and I want bounty(money) with an
Appreciation letter for my work and effort which I have given for

Thanks in advance
Ejaz