TripKnot Apprentice
Joined: 29 May 2002 Posts: 213
Posted: Thu Dec 12, 2002 5:54 am Post subject: and.doxdesk.com
I was looking through my Apache log files like I do occasionally and saw the following line:
Quote:
localhost - - [10/Dec/2002:12:01:11 -0500] "GET /file/software/js/parasite.js HTTP/1.1" 404 234 "http://and.doxdesk.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5"
Now, I never visited and.doxdesk.com, and when I enter that address into my browser (Phoenix 0.5 or links) I am redirected to 127.0.0.1, which is obviously the local computer. The same thing happens on my other computer, which is rarely on, but not on another Windows PC.
The file mentioned above, parasite.js, does not exist on my PC, and a visit to www.doxdesk.com shows this to be some kind of Windows spyware detection script.
Nonetheless, it appears fishy to me, especially the and.doxdesk.com redirecting to my local machine. I'm wondering if anyone else has experienced this or knows what it may mean, if anything?

klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Dec 12, 2002 1:03 pm
Did you try searching Google? Plenty of hits, some of which contain a decent explanation of what parasite.js does.
--kurt
_________________
The problem with political jokes is that they get elected

TripKnot Apprentice
Joined: 29 May 2002 Posts: 213
Posted: Thu Dec 12, 2002 4:39 pm
I understand what parasite.js does; I'm not concerned with that.
What does bother me is why and.doxdesk.com is somehow looping back to 127.0.0.1 like it's in my /etc/hosts file, when it is not.

mr-simon Guru
Joined: 22 Nov 2002 Posts: 367 Location: Leamington Spa, Warks, UK
Posted: Thu Dec 12, 2002 4:44 pm
Because its DNS entry points to 127.0.0.1.
Code:
simon@simon-vaio simon $ dig and.doxdesk.com
; <<>> DiG 9.2.2rc1 <<>> and.doxdesk.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12972
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;and.doxdesk.com. IN A
;; ANSWER SECTION:
and.doxdesk.com. 84123 IN A 127.0.0.1
;; AUTHORITY SECTION:
doxdesk.com. 84123 IN NS ns1.reseller.hosteurope.de.
doxdesk.com. 84123 IN NS ns2.reseller.hosteurope.de.
;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Dec 12 16:44:05 2002
;; MSG SIZE rcvd: 107
_________________
"Pokey, are you drunk on love?"
"Yes. Also whiskey. But mostly love... and whiskey."

klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Thu Dec 12, 2002 5:13 pm
TripKnot wrote:
What does bother me is why and.doxdesk.com is somehow looping back to 127.0.0.1 like it's in my /etc/hosts file, when it is not.

If you read www.doxdesk.com, you'll see that they were/are the focus of a DoS attack, and have switched to www. instead of the usual and. Presumably, the redirection to localhost is a part of combating that attack.
--kurt
_________________
The problem with political jokes is that they get elected

TripKnot Apprentice
Joined: 29 May 2002 Posts: 213
Posted: Fri Dec 13, 2002 12:36 am
I saw they were part of a DoS attack but didn't understand the redirection part. I get it now. Thank you.
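
The pattern worked out in this thread (a public hostname whose A record is 127.0.0.1, so the browser's request for that site lands on the local Apache) can be picked out of an access log mechanically. The following is an added triage example, not part of any post in the thread; the function names are this example's own, and it assumes Apache's "combined" log format.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Apache "combined" format: client ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
                      r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def is_loopback(host):
    """True for 'localhost' and for any 127.0.0.0/8 or ::1 address literal."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def loopback_a_records(dig_output):
    """Names whose A record in dig output points into loopback space."""
    names = set()
    for line in dig_output.splitlines():
        f = line.split()
        if len(f) == 5 and f[0][0] != ";" and f[2:4] == ["IN", "A"] and is_loopback(f[4]):
            names.add(f[0].rstrip(".").lower())
    return names

def self_hits(log_lines):
    """(referer_host, request) for loopback clients referred by a non-local site."""
    hits = []
    for line in log_lines:
        m = COMBINED.match(line.strip())
        if not (m and is_loopback(m["client"])):
            continue
        try:  # the Referer header is client-controlled and may not parse
            ref = (urlsplit(m["referer"]).hostname or "").lower()
        except ValueError:
            continue
        if ref and not is_loopback(ref):
            hits.append((ref, m["request"]))
    return hits

# First log entry and the dig records are from the thread; the other two entries are constructed.
SAMPLE_LOG = [
    'localhost - - [10/Dec/2002:12:01:11 -0500] "GET /file/software/js/parasite.js HTTP/1.1" 404 234 "http://and.doxdesk.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5"',
    'localhost - - [10/Dec/2002:12:02:00 -0500] "GET /index.html HTTP/1.1" 200 512 "http://localhost/" "ExampleAgent/1.0"',
    '192.0.2.10 - - [10/Dec/2002:12:03:00 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "ExampleAgent/1.0"',
]
SAMPLE_DIG = """and.doxdesk.com. 84123 IN A 127.0.0.1
doxdesk.com. 84123 IN NS ns1.reseller.hosteurope.de."""

if __name__ == "__main__":
    for host, request in self_hits(SAMPLE_LOG):
        print(host, request, host in loopback_a_records(SAMPLE_DIG))
```

A hit whose referer host also appears in `loopback_a_records` is explained by DNS alone; a hit that does not is worth a closer look at /etc/hosts and the resolver configuration.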