Have you guys ever head of DNS Bit-squatting? It's when a bit in a DNS String gets flipped and the domain gets mangled. The main cause for this is memory corruption, which can be avoided with ECC, and electrical network problems, such as wiring. So, someone requests something from gstatic.com for example, and a bit gets flipped or lost, and the following could occur:
gstathc.com
cstatic.com
gstauic.com
gstatis.com
gsuatic.com
grtatic.com
gstatyc.com
gstapic.com
gstitic.com
gstatib.com
gspatic.com
wstatic.com
g3tatic.com
estatic.com
gstatig.com
gs4atic.com
fstatic.com
gstatac.com
gstctic.com
gstqtic.com
gstadic.com
gstaticncom
gsta4ic.com
ostatic.com
gwtatic.com
gqtatic.com
gstatmc.com
gctatic.com
gsdatic.com
gstatkc.com
gstatik.com
gsvatic.com
gstetic.com
gstavic.com
gstatia.com
You would register this domains and make a server they all point to, and than people with memory or wiring errors request the crap actually from you. A guy registered all the above domains, and was hitting 10000 requests a day on them. gstatic is Google's static service for HTML, CSS, JS, XML, JSON etc. Interesting.
This is interesting. If what you're saying is true then that means this happens at least 10000 times per day. When you compare that to the actual amount of successful requests it doesn't seem that improbable.
Now here's the real question, how could one take advantage of this? Maybe try to serve something malicious to the requests ?
>>55528736
There is a Def-Con presentation about this. The requests were pigging g3tatic.com and asking for the Google logo, and the guy server an image that said "Occupy" in the Google style. He got a a LOT of requests. Its because phone memory corruptions is frequent because of heat.
https://www.youtube.com/watch?v=9Sgaq6OYLX8
>>55528666
so how many of these requests were just bots trying every possible ip in every possible way?
>>55528810
>mfw
>>55528843
Well look at the video above. There is a lot of different user agents.
>>55528666
>Have you guys ever head of DNS Bit-squatting?
Yes. I've seen a presentation about it at SecTor and made a report about it a few months before that.
>>55528736
Serve malware or maybe ads if you feel like going 'legit'.
Given that most of the requests come from phones, I can imagine this can also be used.
>>55528666
Damn that's interesting.
>>55528666
I am as fascinated as I am concerned
Bump because it's not a shit post
Let's hope he made lots of money from american citizens that way.
