[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] DNS hijacking
For months now one of my domains keeps getting redirected sometimes when
accessed through Tor. Even non-existing subdomains.
Instead of landing on my page, one will get to a site looking exactly like
parkingcrew.net, complete with ads and trackers, but located at a
different IP in the US and showing the domain tried to access instead of
"parkingcrew.net". I played around a bit and found out that it will accept
any valid-looking domain supplied in the Host header, even if the domain
doesn't actually exist.
It will only happen when using Tor. I did a "normal" DNS dig and a
tor-resolve simultaneously - the first pointing to the real IP, the latter
pointing to said server.
Someone out there is manipulating DNS resolves done through Tor.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk