[tor-talk] DNS hijacking

Justaguy justaguy at justaguy.pw
Fri Apr 3 22:22:28 UTC 2015


Hello.
If you could find out the exit that is doing this, you can report them
to https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays

On 04/04/2015 12:15 AM, throwaway123 at sigaint.org wrote:
> For months now one of my domains keeps getting redirected sometimes when
> accessed through Tor. Even non-existing subdomains.
>
> Instead of landing on my page, one will get to a site looking exactly like
> parkingcrew.net, complete with ads and trackers, but located at a
> different IP in the US and showing the domain tried to access instead of
> "parkingcrew.net". I played around a bit and found out that it will accept
> any valid-looking domain supplied in the Host header, even if the domain
> doesn't actually exist.
>
> It will only happen when using Tor. I did a "normal" DNS dig and a
> tor-resolve simultaneously - the first pointing to the real IP, the latter
> pointing to said server.
>
> Someone out there is manipulating DNS resolves done through Tor.
>

-- 
https://justaguy.pw
PGP fingerprint: 3270 891F 27E5 2638 4EF6 706D 609E 2842 CB06 CC23
The Net treats censorship as a defect and routes around it. ~John Gilmore, 1993
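
Added example, not part of the original messages: one way to narrow the problem down to a single exit, using the two signals in the quoted report (a tor-resolve answer that differs from the real address, and non-existent subdomains that still resolve). It assumes each lookup was logged together with the fingerprint of the exit it went through; the log format, fingerprints, hostnames and addresses below are constructed placeholders.

```python
# Constructed sample log: "exit_fingerprint hostname answer", one lookup per line.
# answer is an address, or NXDOMAIN when the name did not resolve. Fingerprints,
# names and addresses are placeholders (documentation ranges), not real relays.
SAMPLE_LOG = """\
AAAA000000000000000000000000000000000001 example.org 192.0.2.10
AAAA000000000000000000000000000000000001 canary-7f3a.example.org NXDOMAIN
BBBB000000000000000000000000000000000002 example.org 203.0.113.66
BBBB000000000000000000000000000000000002 canary-7f3a.example.org 203.0.113.66
CCCC000000000000000000000000000000000003 example.org 192.0.2.10
CCCC000000000000000000000000000000000003 canary-91bc.example.org NXDOMAIN
BBBB000000000000000000000000000000000002 example.org 203.0.113.66
"""

# Hypothetical legitimate records for the monitored domain.
EXPECTED = {"example.org": {"192.0.2.10"}}


def find_suspect_exits(log_text, expected):
    """Return {exit_fp: {"mismatch": n, "canary": n, "addresses": set}}.

    `expected` maps hostname -> set of legitimate addresses. Any hostname not
    in `expected` is treated as a non-existent canary that must not resolve.
    """
    suspects = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        exit_fp, host, answer = parts
        if answer == "NXDOMAIN":
            continue  # a failed lookup is not evidence of a forged answer
        good = expected.get(host.lower().rstrip("."))
        if good is None:
            kind = "canary"      # a name that does not exist got an answer
        elif answer not in good:
            kind = "mismatch"    # a real name got an address we do not serve
        else:
            continue
        entry = suspects.setdefault(
            exit_fp, {"mismatch": 0, "canary": 0, "addresses": set()})
        entry[kind] += 1
        entry["addresses"].add(answer)
    return suspects


if __name__ == "__main__":
    for fp, info in find_suspect_exits(SAMPLE_LOG, EXPECTED).items():
        print(fp, info["mismatch"], info["canary"], sorted(info["addresses"]))
```

An exit that shows both counters above zero and always the same unexpected address is the one to name in a bad-relay report, together with the log lines that support it.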

