
Have you guys ever heard of DNS Bit-squatting? It's when


Thread replies: 12
Thread images: 5

Have you guys ever heard of DNS Bit-squatting? It's when a bit in a DNS String gets flipped and the domain gets mangled. The main cause for this is memory corruption, which can be avoided with ECC, and electrical network problems, such as wiring. So, someone requests something from gstatic.com for example, and a bit gets flipped or lost, and the following could occur:

gstathc.com
cstatic.com
gstauic.com
gstatis.com
gsuatic.com
grtatic.com
gstatyc.com
gstapic.com
gstitic.com
gstatib.com
gspatic.com
wstatic.com
g3tatic.com
estatic.com
gstatig.com
gs4atic.com
fstatic.com
gstatac.com
gstctic.com
gstqtic.com
gstadic.com
gstaticncom
gsta4ic.com
ostatic.com
gwtatic.com
gqtatic.com
gstatmc.com
gctatic.com
gsdatic.com
gstatkc.com
gstatik.com
gsvatic.com
gstetic.com
gstavic.com
gstatia.com

You would register these domains and make a server they all point to, and then people with memory or wiring errors request the crap actually from you. A guy registered all the above domains, and was hitting 10000 requests a day on them. gstatic is Google's static service for HTML, CSS, JS, XML, JSON etc. Interesting.
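Added example, not part of the original post: a Python sketch of the defender's side of the bit-flip mechanism described above. `bitflip_variants` enumerates the valid hostnames one bit away from a domain you own (for defensive registration or a watchlist), and `flag_bitsquats` flags resolver-log query names whose trailing labels are one bit away from a protected domain. The function names and the sample queries are constructed for illustration.

```python
import string

LDH = set(string.ascii_lowercase + string.digits + "-")  # legal hostname characters

def is_valid_hostname(name):
    """Labels must be non-empty, letters/digits/hyphen, with no edge hyphen."""
    return all(
        label and set(label) <= LDH and label[0] != "-" and label[-1] != "-"
        for label in name.split(".")
    )

def bitflip_variants(domain):
    """Every valid hostname exactly one bit away from `domain` (case flips ignored)."""
    raw = domain.lower().encode("ascii")
    out = set()
    for i, byte in enumerate(raw):
        for bit in range(8):
            mutated = raw[:i] + bytes([byte ^ (1 << bit)]) + raw[i + 1:]
            name = mutated.decode("latin-1").lower()
            if name != domain.lower() and is_valid_hostname(name):
                out.add(name)
    return out

def one_bit_apart(a, b):
    """True if the two names differ in exactly one bit of one byte."""
    a, b = a.lower().encode(), b.lower().encode()
    if len(a) != len(b):
        return False
    diffs = [x ^ y for x, y in zip(a, b) if x != y]
    return len(diffs) == 1 and diffs[0] & (diffs[0] - 1) == 0

def flag_bitsquats(queries, protected):
    """Return (query, protected_domain) pairs where the query's tail is a bit-flip."""
    hits = []
    for q in queries:
        q = q.rstrip(".")
        for p in protected:
            head, tail = q[:-len(p)], q[-len(p):]
            # Only compare on a label boundary, so "xg3tatic.com" is not matched.
            if (head == "" or head.endswith(".")) and one_bit_apart(tail, p):
                hits.append((q, p))
    return hits

# Constructed sample query names, as they might appear in a resolver log.
SAMPLE_QUERIES = ["ssl.gstatic.com", "ssl.g3tatic.com", "wstatic.com.",
                  "xg3tatic.com", "example.org"]

if __name__ == "__main__":
    print(sorted(bitflip_variants("gstatic.com")))
    print(flag_bitsquats(SAMPLE_QUERIES, ["gstatic.com"]))
```

The enumeration also covers flips in the dot and the TLD, so it returns more names than the list in the post, including the single-label `gstaticncom`.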
>>
This is interesting. If what you're saying is true then that means this happens at least 10000 times per day. When you compare that to the actual amount of successful requests it doesn't seem that improbable.

Now here's the real question, how could one take advantage of this? Maybe try to serve something malicious to the requests?
>>
>>55528736
There is a Def-Con presentation about this. The requests were pinging g3tatic.com and asking for the Google logo, and the guy served an image that said "Occupy" in the Google style. He got a LOT of requests. It's because phone memory corruption is frequent because of heat.

https://www.youtube.com/watch?v=9Sgaq6OYLX8
>>
>>55528666
so how many of these requests were just bots trying every possible ip in every possible way?
>>
>>55528810
>mfw
>>
>>55528843
Well, look at the video above. There are a lot of different user agents.
>>
>>55528666
>Have you guys ever heard of DNS Bit-squatting?

Yes. I've seen a presentation about it at SecTor and made a report about it a few months before that.
>>
>>55528736
Serve malware or maybe ads if you feel like going 'legit'.
Given that most of the requests come from phones, I can imagine this can also be used.
>>
>>55528666
Damn that's interesting.
>>
>>55528666
I am as fascinated as I am concerned
>>
Bump because it's not a shit post
>>
Let's hope he made lots of money from American citizens that way.