Re: [Freedos-user] Why is curl contacting a ransomware host?

2019-02-14 Thread Kenway, Owain 
Hi,

It does look like, as you suppose, curl is resolving the http part of the url 
and treating it as the host - i.e. on my Linux box here at work:

[airachnid:uccaoke] ~ ☻ ☛ host http
Host http not found: 3(NXDOMAIN)
[airachnid:uccaoke] ~ ☹ ☛ host http.com
http.com has address 208.73.211.165
http.com has address 208.73.211.177
http.com has address 208.73.210.217
http.com has address 208.73.210.202

The second IP address is the one you are seeing.

This is presumably a bug with how it's interpreting the URL?  Possibly 
something needs to be escaped in DOS?

Cheers,
Owain
--
/UCL/ISD/RITS/[Acting] Head of Research Computing/Owain Kenway
Twitter: @owainkenway   || E-mail: o.ken...@ucl.ac.uk
Internal: 59834 || External: 02031089834
The Green Zone, 1 St Martin's Le Grand, London, EC1A 4NP



From: R Moog 
Sent: 14 February 2019 01:20
To: freedos-user@lists.sourceforge.net
Subject: [Freedos-user] Why is curl contacting a ransomware host?

Hello,

Here's the setup. I put FreeDOS 1.2 into a KVM-backed VM and gave it a Realtek 
8139 so I can test network connectivity.
I've installed the appropriate packet driver from here 
http://www.georgpotthast.de/sioux/packet.htm
Next, I run "curl -v 
http://10.0.0.2:8080"
 because this is where I keep my Jenkins running on my local network.
To my surprise, the results are completely inconsistent with reality. This is 
what I get on DOS after the compile errors:
*   Trying 208.73.211.165... connected
> GET 
> //10.0.0.2:8080
>  HTTP/1.1
> User-Agent: curl/7.21.6 (i386-pc-msdosdjgpp) libcurl/7.21.6 CyaSSL/2.0.0rc1 
> zlib/1.2.5
> Host: http
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 14 Feb 2019 01:03:53 GMT
< Server: Apache
< Content-Length: 51
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host http left intact
* Closing connection #0


At first I googled this strange IP and got this: 
https://ransomwaretracker.abuse.ch/ip/208.73.211.177/
Everyone loves talking to unexpected ransomware hosts at 2 AM :)
I tried confirming the results on 10.0.0.2 and curl properly got me the Jenkins 
login prompt and a 403.
So I've read the DOS curl output the 2nd time. What peaked my interest is 
"Connection #0 to host http left intact". On Linux it said "Connection #0 to 
host 10.0.0.2 left intact"... Wait a minute. Did curl just resolve "http" into 
a DNS host?
I realized this may be due to my mistake, so I tried to escape the slashes and 
encapsulate the destination into single and double quotemarks. No effect. I 
only get the correct result if I completely skip "http://; from the destination.

Anyone else had this problem?

Best regards,
Michal

___
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user

Re: [Freedos-user] Would someone help me with my subscription ? (follow-up)

2017-06-21 Thread Kenway, Owain 
Hi,

I didn't get a captcha either on Firefox 54.0 on Linux, but the form was 
accepted.  Something is broken at SourceForge, I guess.

Cheers,
Owain

--
/UCL/ISD/RITS/RC Applications & Support Team Leader/Owain Kenway
Twitter: @owainkenway   || E-mail: o.ken...@ucl.ac.uk
Internal: 59834 || External: 02031089834
First Floor, The Podium, 1 Eversholt Street, London, NW1 2DN



From: Jose Antonio Senna 
Sent: 21 June 2017 02:03
To: FreeDOS users
Subject: Re: [Freedos-user]  Would someone help me with my subscription ? 
(follow-up)

Ralf Quint said :

> The captcha dialog, without actually showing a
> captcha, is a bug/quirk on SourceForge's site.
> It does happen not only with older browsers,
> but I just had this happen just minutes ago
> in Firefox 54 (on Windows 10-15063.413).

  I never said the captcha only fails to appear
 in older browsers. On the contrary, I said,
 clearly enough, that it did not appear also
 in Chrome under Android, but, in this case,
 the form was accepted, while under both
 Firefox 2.0.20 and SeaMonkey 2.6.12 it was
 rejected and the stated reason for rejection
 was a missing captcha answer.

  The reply I got from SourceForge did not
 mention nor suggest any bug/quirk in
 Sourceforge's site. It offered  two suggestions
 to solve the problem. One was that I enable
 JavaScript, which was already enabled. The
 other was to use another browser.

   No one said before in this list that the captcha
 does not appear under Firefox 54. If the form
 was accepted even without captcha, this is
 more evidence in support of what I said.

JAS




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user