Multicast DNS (.local)
Posted: Sat Aug 17, 2013 4:24 am
by Grimeton
Hi,
I read this:
http://noscript.net/abe/abe_rules.pdf and I'm wondering why the "LOCAL" token does not cover the TLD ".local" which is the mDNS TLD to resolve hosts in the local network.
IMHO it should be covered by that rule...
KR,
Grimeton.
Re: Multicast DNS (.local)
Posted: Sat Aug 17, 2013 7:29 am
by Giorgio Maone
The "LOCAL" token relies on actual DNS resolution, hence while hardcoding ".local" might look like an optimization, if a (maliciously?) misconfigured DNS points a *.local name to an external IP this would become a vulnerability.
Re: Multicast DNS (.local)
Posted: Mon Aug 19, 2013 10:51 am
by Grimeton
Hi,
Then, at least for IPv4, you should check if the .local hostname points to a private subnet...
As this all becomes invalid for IPv6 (no, fe80:: is not the equivalent of the IPv4 private subnets), you will have to rely on the fact that people are able to configure their DNS correctly ...
KR,
G.
Re: Multicast DNS (.local)
Posted: Mon Aug 19, 2013 9:27 pm
by Thrawn
Grimeton wrote: you will have to rely on the fact that people are able to configure their DNS correctly ...

If I understand correctly, ABE will simply look at what each hostname resolves to, and determine whether that IP address is local. I don't see how misconfigured DNS becomes an issue in that case. If http://foo.local points to a WAN IP, it will be correctly treated as one, and if www.random.com points to something local (common in captive internet gateways), then it will be correctly treated as local. Where is the problem?
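The resolution-based check Thrawn describes, and the IPv4/IPv6 range question Grimeton raises, can be illustrated in a few lines. The following is an added example written for this thread, not ABE's own code or NoScript's actual LOCAL implementation: the range list, the fail-closed policy for mixed answers, and the `FAKE_DNS` table (a constructed stand-in for real DNS/mDNS lookups, using documentation addresses) are all assumptions. It shows why a ".local" suffix test and a resolve-then-classify test disagree exactly in the cases the thread mentions, and it treats `fc00::/7` (unique local addresses), not `fe80::/10` alone, as the IPv6 analogue of the RFC 1918 ranges.

```python
import ipaddress
from typing import Dict, List

# Ranges this example treats as "local" (an assumption for illustration;
# the page does not list which ranges ABE actually uses).
LOCAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),      # IPv4 loopback
    ipaddress.ip_network("169.254.0.0/16"),   # IPv4 link-local
    ipaddress.ip_network("::1/128"),          # IPv6 loopback
    ipaddress.ip_network("fc00::/7"),         # IPv6 unique local (ULA), the private-range analogue
    ipaddress.ip_network("fe80::/10"),        # IPv6 link-local (not by itself "private")
]

# Constructed resolver table standing in for DNS/mDNS answers (not real hosts).
FAKE_DNS: Dict[str, List[str]] = {
    "foo.local": ["203.0.113.10"],                 # .local name pointing at a WAN address
    "www.random.com": ["192.168.1.1"],             # public-looking name pointing at the LAN
    "printer.local": ["192.168.1.50", "fe80::1"],  # dual-stack LAN device
    "mixed.example": ["10.0.0.5", "198.51.100.7"], # one local and one external answer
}


def resolve(hostname: str) -> List[str]:
    """Stand-in for a resolver: returns every address the name maps to."""
    return FAKE_DNS.get(hostname.lower().rstrip("."), [])


def is_local_address(addr: str) -> bool:
    """True if the address falls inside one of LOCAL_NETWORKS."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in LOCAL_NETWORKS)


def tld_says_local(hostname: str) -> bool:
    """The suffix-only heuristic the thread argues against."""
    return hostname.lower().rstrip(".").endswith(".local")


def classify(hostname: str) -> str:
    """Resolution-based verdict: 'local', 'external', 'mixed' or 'unresolved'.

    A name is only 'local' when every answer is local; a mix of local and
    external answers is reported as 'mixed' so a caller can fail closed.
    """
    addrs = resolve(hostname)
    if not addrs:
        return "unresolved"
    verdicts = [is_local_address(a) for a in addrs]
    if all(verdicts):
        return "local"
    if not any(verdicts):
        return "external"
    return "mixed"


def compare(hostname: str) -> Dict[str, object]:
    """Side-by-side view of the suffix heuristic and the resolution check."""
    return {
        "host": hostname,
        "suffix_local": tld_says_local(hostname),
        "resolved": classify(hostname),
    }


if __name__ == "__main__":
    for name in FAKE_DNS:
        print(compare(name))
```

Running it shows the two disagreements from the thread: `foo.local` is "local" by suffix but "external" by resolution, and `www.random.com` is the reverse. The "mixed" verdict is the case a suffix test cannot express at all.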
Re: Multicast DNS (.local)
Posted: Tue Aug 20, 2013 4:46 pm
by Grimeton
Hi,
And the host resolves to a local address in the 192.168/16 subnet.
cu