3

I just accidentally typed imadb.com and after 2 redirects (I think) I ended up at: http://dp.000.in/

You can imagine my surprise when I noticed I was seeing my webpages on my local host!

Can someone explain why dp.000.in points to the local host and what was the reasoning behind the redirects?

MealstroM
  • 1,517
  • 1
  • 17
  • 32
zaf
  • 157
  • 1
  • 7

3 Answers3

3

I believe it's called DNS rebinding attacks.

weeheavy
  • 4,089
  • 1
  • 28
  • 41
  • Holy cow! Is this very serious or can I ignore it? – zaf Oct 18 '10 at 09:29
  • No need to be afraid, apart from that: http://www.smallnetbuilder.com/security/security-features/31212-is-your-router-one-in-a-million . If you're using Firefox, install NoScript (see http://hackademix.net/2010/07/28/abe-patrols-the-routes-to-your-routers/) – weeheavy Oct 18 '10 at 09:41
2

Someone must have registered that in public DNS with an A record of 127.0.0.1. I am seeing this too when I do an nslookup for dp.000.in.

whois for 000.in doesn't reveal much. Poking around with some similar fqdns (do.000.in and dq.ooo.in) brings up the IP address 64.74.223.36, but there aren't any websites there.

That doesn't really answer the question.

dunxd
  • 9,632
  • 22
  • 81
  • 118
1

There are some answers for that:

  1. It's really convenient to do that when you are a site developer. You just make some changes locally and watch what will be in fact. And you don't need to just make some changes in production.

  2. Someone created a zone and forgot to change the default A record.

  3. This page should be only for internal use, but was accidentally put outside.

You shouldn't worry about that if you have right nslookup answer (and not from yours PC).

ctype.h
  • 205
  • 1
  • 3
  • 11
MealstroM
  • 1,517
  • 1
  • 17
  • 32