“Localhost” misconfiguration: Vietnamese IP resolving as localhost

Update: My post (and the email I sent to isc.sans.edu) was mentioned here: https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/

I found this while analyzing email DMARC records for one of my domains this morning. If your localhost resolution is misconfigured, you might be sending some info to a public IP at “123.28.192.74” in Vietnam. Or maybe not? It could be an attempt at fooling spam systems configured for reverse DNS lookups. It’s resolving as a reverse lookup, so I’m not sure of the security implications around this. Systems that utilize DNS name lookups for security validation should not be trusted.

Running this IP against OpenDNS resolves the IP in question.

The APNIC WHOIS records return this: http://wq.apnic.net/static/search.html?searchtext=123.28.192.74&do_search=Search
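
One way to apply that caution is to forward-confirm a reverse lookup before any policy relies on the name. This is an added example, not code from the original post; the function names and the sample tables are constructed for illustration and are not live DNS answers.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver, as a set of address strings."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_reverse_dns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, name); verdict is one of
    "confirmed", "unconfirmed", "local-name", "no-ptr"."""
    addr = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return "no-ptr", None
    name = name.rstrip(".").lower()
    # Whoever controls the reverse zone chooses the PTR text, so a public
    # address can claim to be "localhost". Never accept that claim.
    if not addr.is_loopback and (name == "localhost" or name.endswith(".localhost")):
        return "local-name", name
    # The name counts only if a forward lookup leads back to the same address.
    forward = {ipaddress.ip_address(a) for a in forward_lookup(name)}
    return ("confirmed" if addr in forward else "unconfirmed"), name

# Constructed sample data (not real DNS answers), modelled on the case in the post.
SAMPLE_PTR = {
    "123.28.192.74": "localhost.",
    "192.0.2.10": "mail.example.org.",
    "192.0.2.20": "mail.example.org.",  # PTR text copied from another host
}
SAMPLE_FWD = {"localhost": ["127.0.0.1"], "mail.example.org": ["192.0.2.10"]}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_reverse_dns(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, []))

if __name__ == "__main__":
    for ip in list(SAMPLE_PTR) + ["198.51.100.7"]:
        print(ip, *check_sample(ip))
```

Only a "confirmed" verdict ties the name to the address; the other three should be treated as an unnamed host, and the decision made on the IP itself.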
