| Friday April 18th 2014

Feedburner

Subscribe by email:

We promise not to spam/sell you.


Search Amazon deals:

loopback.girlscouts-hawaii.org is the new ftp.warez.org


Back in the 20th century, someone propagated the IP address of ftp.warez.org to be 127.0.0.1 — the same address as localhost, your own computer. So when kids would pop onto the Internet and ask “where can I grab free games?” folks could tell him to ftp to ftp.warez.org, and then giggle at the thought of some kid FTP’ing himself.

Ok, it wasn’t that great a joke.

Well, girlscouts-hawaii.org seems to be doing the same thing now:

bash-3.1$ whois girlscouts-hawaii.org | grep Server
Name Server:NS1.TWTELECOM.NET
Name Server:NS2.TWTELECOM.NET
bash-3.1$ nslookup - NS1.TWTELECOM.NET
> 127.0.0.1
Server: NS1.TWTELECOM.NET
Address: 216.136.95.2#53
1.0.0.127.in-addr.arpa name = loopback.girlscouts-hawaii.org.
1.0.0.127.in-addr.arpa name = localhost.


This has propagated to most DNS servers we could find.


bash-3.1$ nslookup loopback.girlscouts-hawaii.org w20ns.mit.edu
Server: w20ns.mit.edu
Address: 18.70.0.160#53
Non-authoritative answer:
Name: loopback.girlscouts-hawaii.org
Address: 127.0.0.1

And, here’s the kicker, it shows up reverse lookups for anyone using Time Warner’s DNS servers.


bash-3.1$ dig +short -t ptr 1.0.0.127.in-addr.arpa
loopback.girlscouts-hawaii.org.
localhost.

Thankfully this last one hasn’t propagated, and hopefully it won’t. Still, Time Warner isn’t exactly tiny. For all the homes and businesses hanging off of their networks, any tools that do reverse lookups are going to generate some very confusing results. It also suggests risks to an organization relying upon reverse lookups for any kind of access control.

UPDATE: Time Warner has fixed the DNS so the reverse-lookup doesn’t happen any more. Forward does, but that’s not hurting anybody.

Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.