339153 - localhost hijack (?)

Status: RESOLVED INVALID

(Firefox :: Security, defect)

Description

[Will]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

Occasionally in Norton Internet Security's Connections log, local and remote IPs on communicating ports will log as jgillick.nettripper.com.  This occurs on various ports that normally log as localhost.  I run Firefox with a number of extensions, but as far as I know, none of them were written by Gillick.  I also have a multitude of anti-virus and anti-spyware programs, and none seems to register anything odd.  It seems to occur randomly, but continues for the entire session.

Reproducible: Sometimes




This may have nothing to do with Firefox, but since all the information I could find indicates that Jeremy Gillick is (or was) part of the Mozilla development team, I figured I'd ask.

Comment 1

[Jo Hermans]

jgillick.nettripper.com is configured as 127.0.0.1, which is incorrect. It seems to confuse Norton Internet Security.

[Honey:~] jhermans% dig jgillick.nettripper.com

; <<>> DiG 8.3 <<>> jgillick.nettripper.com 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      jgillick.nettripper.com, type = A, class = IN

;; ANSWER SECTION:
jgillick.nettripper.com.  3h59m6s IN A  127.0.0.1

;; AUTHORITY SECTION:
nettripper.com.         15h3m52s IN NS  ns27.1and1.com.
nettripper.com.         15h3m52s IN NS  ns28.1and1.com.

;; ADDITIONAL SECTION:
ns27.1and1.com.         16h8m33s IN A   217.160.224.3
ns28.1and1.com.         16h8m33s IN A   217.160.228.3

;; Total query time: 106 msec
;; FROM: Honey.local. to SERVER: default -- 193.74.208.65
;; WHEN: Wed May 24 23:52:59 2006
;; MSG SIZE  sent: 41  rcvd: 133