| Wednesday May 25th 2016

loopback.girlscouts-hawaii.org is the new ftp.warez.org

Back in the 20th century, someone propagated the IP address of ftp.warez.org to be — the same address as localhost, your own computer. So when kids would pop onto the Internet and ask “where can I grab free games?” folks could tell him to ftp to ftp.warez.org, and then giggle at the thought of some kid FTP’ing himself.

Ok, it wasn’t that great a joke.

Well, girlscouts-hawaii.org seems to be doing the same thing now:

bash-3.1$ whois girlscouts-hawaii.org | grep Server
bash-3.1$ nslookup - NS1.TWTELECOM.NET
Address: name = loopback.girlscouts-hawaii.org. name = localhost.

This has propagated to most DNS servers we could find.

bash-3.1$ nslookup loopback.girlscouts-hawaii.org w20ns.mit.edu
Server: w20ns.mit.edu
Non-authoritative answer:
Name: loopback.girlscouts-hawaii.org

And, here’s the kicker, it shows up reverse lookups for anyone using Time Warner’s DNS servers.

bash-3.1$ dig +short -t ptr

Thankfully this last one hasn’t propagated, and hopefully it won’t. Still, Time Warner isn’t exactly tiny. For all the homes and businesses hanging off of their networks, any tools that do reverse lookups are going to generate some very confusing results. It also suggests risks to an organization relying upon reverse lookups for any kind of access control.

UPDATE: Time Warner has fixed the DNS so the reverse-lookup doesn’t happen any more. Forward does, but that’s not hurting anybody.

Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.