[tor-talk] DNS hijacking

throwaway123 at sigaint.org
Fri Apr 3 22:15:42 UTC 2015


For months now one of my domains keeps getting redirected sometimes when
accessed through Tor. Even non-existing subdomains.

Instead of landing on my page, one will get to a site looking exactly like
parkingcrew.net, complete with ads and trackers, but located at a
different IP in the US and showing the domain one tried to access instead of
"parkingcrew.net". I played around a bit and found out that it will accept
any valid-looking domain supplied in the Host header, even if the domain
doesn't actually exist.

It will only happen when using Tor. I did a "normal" DNS dig and a
tor-resolve simultaneously - the first pointing to the real IP, the latter
pointing to said server.

Someone out there is manipulating DNS resolves done through Tor.
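
The comparison described in the post (a direct dig next to a tor-resolve) can be repeated automatically so that an intermittent redirect is caught; the script below is an added example, not part of the original message. It assumes dig and tor-resolve are installed and a local Tor client is listening on tor-resolve's default SOCKS port; the function names and the example.org domain are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes dig and tor-resolve are
# installed and a local Tor client listens on tor-resolve's default SOCKS port.

# Print each address from list $2 (seen via Tor) that is absent from list $1
# (seen via direct DNS). Both lists are space-separated IPv4 addresses.
unexpected_answers() {
    ua_trusted=" $1 "
    for ua_addr in $2; do
        case "$ua_trusted" in
            *" $ua_addr "*) ;;                # same as a direct answer
            *) printf '%s\n' "$ua_addr" ;;    # only ever seen through Tor
        esac
    done | sort -u
}

# Resolve domain $1 once directly, then $2 times (default 10) through Tor.
# The post says the redirect happens only "sometimes", hence repeated lookups.
check_domain() {
    cd_domain=$1 cd_rounds=${2:-10} cd_seen="" cd_i=0
    cd_trusted=$(dig +short A "$cd_domain" | grep -E '^[0-9.]+$' | tr '\n' ' ')
    if [ -z "$cd_trusted" ]; then
        echo "no direct A record for $cd_domain, nothing to compare" >&2
        return 2
    fi
    while [ "$cd_i" -lt "$cd_rounds" ]; do
        cd_ans=$(tor-resolve "$cd_domain" 2>/dev/null) && cd_seen="$cd_seen $cd_ans"
        cd_i=$((cd_i + 1))
        sleep 5    # pause between lookups
    done
    if [ -z "$cd_seen" ]; then echo "no answers via Tor" >&2; return 2; fi
    cd_bad=$(unexpected_answers "$cd_trusted" "$cd_seen" | tr '\n' ' ')
    if [ -n "$cd_bad" ]; then
        echo "MISMATCH $cd_domain direct=[$cd_trusted] tor-only=[$cd_bad]"
        return 1
    fi
    echo "OK $cd_domain: every Tor lookup matched direct DNS"
}

# Run only when a domain is given, e.g.: sh check.sh example.org 20
if [ "$#" -ge 1 ]; then check_domain "$@"; fi
```

A mismatch is a lead rather than proof: domains served through geo-aware DNS or a CDN can legitimately return different addresses to different resolvers, so confirm against the addresses the domain owner actually publishes.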