Idea for an attack: Let's assume an ISP example that gives you an IP with a reverselookup of form [somenumber].something.customer.example.com
-
-
it only matters as it gives you an easy way to find out your own hostname.
-
Yeah. I was thinking some ISPs that moved to a second-level domain other than their business name for customer rdns might still have the old forward-dns active though.
End of conversation
New conversation -
-
-
This attack could work for any domain where [somenumber].something.example.com resolves programmatically to an ip address decoded from [somenumber].
-
I suspect it may also work on dyndns providers that provide dynamic hosts under the same second-level domain as they operate their site under, e.g. for hijacking sessions of other users on the service.
-
most dyndns providers are in the public suffix list. if someone provides dyndns without being in psl that by itself should be considered a bug.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.