32
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Jul 2024
32 points (100.0% liked)
TechTakes
1427 readers
106 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 1 year ago
MODERATORS
I got curious and looked up both IPs associated with the domain name and it is in fact just CloudFlare
also, their DNS-over-HTTPS (this is new to me but I stay the fuck away from cloudflare and it looks like a standard they’ve pushed for) endpoint is just the 1.1.1.1 one with the domain name changed, but the AdGuard and Accelerator ones basically confirm they’re analyzing traffic before passing it off to cloudflare
that's fabulously odious!
yeah, think i'll be writing this one up for the weekend
this sort of thing does not help me have an anti-carceral attitude
This is slightly weird. There's a company called "DNSfilter" that's been advertising itself for a few years as an "AI-powered DNS resolver" - since well before the present hype. I suspect their "AI" bit is threat detection with machine learning in. They appear to be going for the lucrative boring enterprise market.
This thread suspects the whole 0ms.dev thing was written with LLMs and the "mirrors" bit is basically an open proxy.
You sure they're skimming results? I saw what looks like a filter to add to an adblocker ...
could test this by setting up a simple example page and seeing the originating source for the traffic
same technique as previous, using an http (not https) canary:
idle thought: since this is (as @self highlighted) effectively an open proxy, you could also just resource-bomb it quite easily
not that I'm planning to, but it'd be dirt bloody easy and it would be a very quick test as to the claims on the site
while looking into this I was surprised to find that hickory doesn't seem to have a cli binary in its crates. did find crab-hole and adguardian in the process though, gonna have to play with those later
see I don’t have a smoking gun on this, but if it is a garden variety adblocker and whatever the accelerator does (it’s extremely unclear) running on cloudflare workers, they at least have the ability to MiTM and modify DNS queries, and open proxies are always a security nightmare. my impression is the filter list they link is either what that endpoint uses to filter, or it’s LLM vomit they kept in because it felt more legitimate.
this might be worth poking at more in a controlled setting — a command line DNS-over-HTTP client using their endpoints and some exploration of the open proxy with curl (especially with sites that utilize credentials, with great care taken to use disposable accounts for this) might be illuminating
a quick check using a canary. test command:
canary trigger:
so, yeah, the actual resolve is being done by cloudflare servers too - it's not even just a cf frontproxy to a different backend service. could be done with cf workers or something, I imagine, would need to test a bit further to know/try see