[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] DNS hijacking

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] DNS hijacking
From: throwaway123@xxxxxxxxxxx
Date: Fri, 3 Apr 2015 22:15:42 -0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 03 Apr 2015 18:16:03 -0400
Importance: Normal
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

For months now one of my domains keeps getting redirected sometimes when
accessed through Tor. Even non-existing subdomains.

Instead of landing on my page, one will get to a site looking exactly like
parkingcrew.net, complete with ads and trackers, but located at a
different IP in the US and showing the domain tried to access instead of
"parkingcrew.net". I played around a bit and found out that it will accept
any valid-looking domain supplied in the Host header, even if the domain
doesn't actually exist.

It will only happen when using Tor. I did a "normal" DNS dig and a
tor-resolve simultaneously - the first pointing to the real IP, the latter
pointing to said server.

Someone out there is manipulating DNS resolves done through Tor.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] DNS hijacking
  - From: Justaguy
- Re: [tor-talk] DNS hijacking
  - From: Justaguy
- Re: [tor-talk] DNS hijacking
  - From: Philipp Winter

Prev by Author: [tor-talk] Onionoo HS Added
Next by Author: Re: [tor-talk] Hi!
Previous by thread: [tor-talk] Fwd: [guardian-dev] Orbot v15 beta 1
Next by thread: Re: [tor-talk] DNS hijacking
Index(es):
- Author
- Thread