undefined | Better HN

0 pointsciarannolan5y ago0 comments

Perhaps they can point a particular host to a malicious IP rather than "0.0.0.0". In a list of several hundred thousand domains, you wouldn't be able to notice this manually.

ex., make Bank of America resolve to a phishing site rather than the real BoA IP.

Pi-Hole and others might check for this though, I don't know.

0 comments

tejtm5y ago

Back before security fatigue set in, I would filter the lists through my own sanity checks for this sort of thing (never found a single one amiss after years) then point my clients at my vetted lists.

willis9365y ago

I am under the impression that the blocklist programs (such as ublock origin or pi-hole) do not have an option to redirect to anything other than the void. I can only see downsides to allowing this.

contravariant5y ago

Actually ublock-origin has some options to replace Javascripts with custom (presumably less intrusive) scripts. Although I don't think 3rd party lists can do this.

Anyway the repository in this post also provides host files, which most definitely can redirect you to malicious IPs.

Edit: Turns out 3rd party block lists can use the redirect feature but only to Ublock Origin managed resources: https://github.com/gorhill/uBlock/wiki/Resources-Library

jlgaddis5y ago

> ... do not have an option to redirect to anything other than the void.

Pi-hole uses dnsmasq [0], a caching DNS resolver (among other things), and includes its own customized configuration files for it.

With that level of control, Pi-hole has the ability to redirect you anywhere on the Internet that they want.

We all hope that the folks behind Pi-hole would never do such a thing -- but they do have the "option".

---

[0]: http://www.thekelleys.org.uk/dnsmasq/doc.html

csunbird5y ago

HTTPS should protect you from that.

j / k navigate · click thread line to collapse