curl-users

Re: Hacking / Hijacking / or OTHER ?

From: Botany <botany_at_strato.net>
Date: Fri, 23 Mar 2012 12:39:26 -0400

> If you would add "--trace-ascii dumpfile" to your command line you will
> get everything sent and received logged and using that you should be able
> to verify if Bill's theories are correct.

Thanks Daniel! That's just what I needed. After looking at the dumpfile
from the trace, I noticed that a second connection was being made in each
case. When I changed the word at the end of the command, I got a different
connection. This is going to now seem p-r-e-t-t-y o-b-v-i-o-u-s, but
what's happening is that the word "Nessus", "larry", or "whatever", is
having a whois lookup done on it, and then cURL is making an additional
connection to it. In each case, ".com" is somehow automatically assumed in
the whois query. It is interesting that if a service such as
http://www.whois.sc/ is used, domain DNS server data will be returned even
though no extension is used. However, a direct whois query from the
command line (e.g., #whois Nessus) will fail with "No whois server is known
for this kind of object."

I tested this by building a clean "fresh" Ubuntu 10.04LTS server, installing
LAMP, and WHOIS. cURL was preinstalled on this instance.

In order to elicit the same output as the server at issue, I had to set the
hostname/hosts of the "fresh" server to a ".com", and use a ".com" domain
for the base URL in the command. Example: curl -i
http://hotdogtreexxx.com/-A larry

I consider the issue resolved as far as it not being a security problem, and
certainly nothing to do with cURL. Although I still don't know where/how
the domain lookup is taking place. Unless there are any more remarks, I
think this issue should be designated "case closed".

One short comment which I sometimes feel I need to make, is that Linux is so
voluminous, open-ended, and dynamic that it is impossible for one person to
research every problem and find all the answers needed to learn and
administer the OS. "Group Learning", that is, drawing on the research and
hard-fought knowledge of others, is essential in order to progress very far.
This is a "two-way" street, though, with an individual at one end, and
everyone else in the World at the other! We all need to contribute and help
whenever we can.

Thanks to Daniel and Bill for helping me out. You were both "right on
target"!
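The check that settled this thread, reading a `--trace-ascii` dump and noticing that curl opened a connection to a host nobody asked for, is easy to automate when the dump is long. The script below is an added example and is not part of this thread or of curl itself: it walks a trace dump, records every `== Info: Connected to <host> (<ip>) port <n>` line together with the request lines and response status codes that follow it, and reports any host that is not on an allow-list you supply. The trace text embedded in it is constructed for the example (documentation hostnames and addresses, not a real capture), and the `summarize_connections` and `unexpected_hosts` names are this example's own.

```python
import re

# Constructed sample of curl --trace-ascii output (not a real capture).
# Hostnames and addresses are documentation placeholders. It mimics the
# situation in the thread: the requested host, then a second connection
# to a host derived from a stray word on the command line.
SAMPLE_TRACE = """\
== Info: About to connect() to example.com port 80 (#0)
== Info:   Trying 192.0.2.10... connected
== Info: Connected to example.com (192.0.2.10) port 80 (#0)
=> Send header, 75 bytes (0x4b)
0000: GET / HTTP/1.1
0010: User-Agent: curl/7.19.7
0029: Host: example.com
003c: Accept: */*
0049: 
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
== Info: Connection #0 to host example.com left intact
== Info: About to connect() to larry.com port 80 (#1)
== Info:   Trying 198.51.100.7... connected
== Info: Connected to larry.com (198.51.100.7) port 80 (#1)
=> Send header, 73 bytes (0x49)
0000: GET / HTTP/1.1
0010: User-Agent: curl/7.19.7
0029: Host: larry.com
003a: Accept: */*
0047: 
<= Recv header, 24 bytes (0x18)
0000: HTTP/1.1 404 Not Found
== Info: Closing connection #1
== Info: Closing connection #0
"""

# "Connected to <host> (<ip>) port <n>" is the info line curl prints once a
# TCP connection is up; the trailing "(#n)" is optional across versions.
CONNECTED_RE = re.compile(r"^== Info: Connected to (\S+) \(([^)]+)\) port (\d+)")
# Data lines in --trace-ascii are "<hex offset>: <text>"; the first line of
# a sent header block is the request line, of a received one the status line.
REQ_LINE_RE = re.compile(r"^[0-9a-f]{4}: ([A-Z]+) (\S+) HTTP/\d", re.IGNORECASE)
STATUS_RE = re.compile(r"^[0-9a-f]{4}: HTTP/\d(?:\.\d)? (\d{3})", re.IGNORECASE)


def summarize_connections(trace_text):
    """Return one dict per TCP connection found in a --trace-ascii dump.

    Each dict has host, ip, port, the (method, path) pairs sent on that
    connection and the HTTP status codes received on it.
    """
    connections = []
    current = None
    for line in trace_text.splitlines():
        m = CONNECTED_RE.match(line)
        if m:
            current = {
                "host": m.group(1),
                "ip": m.group(2),
                "port": int(m.group(3)),
                "requests": [],
                "statuses": [],
            }
            connections.append(current)
            continue
        if current is None:
            continue  # data before the first connection (nothing to attach it to)
        m = REQ_LINE_RE.match(line)
        if m:
            current["requests"].append((m.group(1).upper(), m.group(2)))
            continue
        m = STATUS_RE.match(line)
        if m:
            current["statuses"].append(int(m.group(1)))
    return connections


def unexpected_hosts(trace_text, allowed_hosts):
    """Hosts curl connected to that are not in allowed_hosts, in first-seen order."""
    allowed = {h.lower() for h in allowed_hosts}
    seen = []
    for conn in summarize_connections(trace_text):
        host = conn["host"].lower()
        if host not in allowed and host not in seen:
            seen.append(host)
    return seen


if __name__ == "__main__":
    # Usage: run over a real dump with
    #   python3 trace_hosts.py < dumpfile
    # (here the constructed sample is used instead of stdin).
    for conn in summarize_connections(SAMPLE_TRACE):
        print("%s (%s) port %d: requests=%s statuses=%s" % (
            conn["host"], conn["ip"], conn["port"], conn["requests"], conn["statuses"]))
    print("unexpected:", unexpected_hosts(SAMPLE_TRACE, {"example.com"}))
```

On a dump from a command that was only meant to talk to one site, `unexpected_hosts` should come back empty; a non-empty result is the quickest confirmation that something on the command line (or in the environment) caused curl to contact an extra host, which is the observation the dumpfile gave here.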

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-23