Joined: Dec 2003
Posts: 261
M
milosh Offline OP
Fjord artisan
First I want to say sorry for posting this kind of question that has NOTHING to do with mIRC. But I guess that here I'll get a fast answer... also I guess that somebody knows the answer... So...
Try to do /dns www.hack.co.za or ping www.hack.co.za, or anything you want in order to find ip address of this host. I get this (by doing /dns from mIRC or by any other way I try):
(00:38) * Dns resolving www.hack.co.za
-
(00:38) * Dns resolved www.hack.co.za to 127.0.0.1
-

This is a spoof that one of the IRCOPs uses... After a couple of minutes he changed hack.co.za to localhost.net. When I did a dns for his nick I got this :
/dns <IRCOPsNick>
(00:37) * Dns resolving localhost.net
-
(00:37) * Dns resolved localhost.net to 127.0.0.1
-

I don't know how that is done... Any ideas, please!
Thanx!


velicha dusha moja Gospoda
Joined: Dec 2002
Posts: 788
C
Hoopy frood
Usually it's done on Unreal IRCd servers, which support a command that "hides/spoofs" an individual's host.

The usual syntax is, /chghost [nickname] [hostname]

Eamonn.

Joined: Dec 2003
Posts: 261
M
milosh Offline OP
Fjord artisan
Thanks man, but I know that... What I don't know is how can it be resolved to 127.0.0.1 (localhost).

When you do a /dns (or any other way [trace route, ping...]) on a host that is a spoof (set in the ircd conf file or by a command) you always get this:
(00:58) * Dns resolving something.something.com
-
(00:58) * Dns unable to resolve something.something.com
-

Last edited by milosh; 16/08/04 11:00 PM.

velicha dusha moja Gospoda
Joined: Dec 2002
Posts: 788
C
Hoopy frood
Because YOUR address on IRC is defined by the server. Usually you will find that when you connect it will get your IP and store it against your nickname; as a result, by simply editing the data the server has stored (using /chghost) it can change your address. In this case, he has used localhost.net, which is a REAL domain, which resolves to 127.0.0.1

/dns localhost.net

Just like if he was to "spoof" his host to be 'www.com' then it would resolve to '63.215.91.200', because mIRC takes the host/IP and independently resolves it without the help of the server.

It's a bit confusing trying to explain it, sorry if you don't quite get it.

Eamonn.

Joined: Dec 2003
Posts: 261
M
milosh Offline OP
Fjord artisan
Tell me, friend... when you do /dns www.hack.co.za what do you get?


velicha dusha moja Gospoda
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
It resolves to 127.0.0.1. That's because it's a real hostname which has had its nameservers set to resolve to 127.0.0.1. There's no trick.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Joined: Dec 2003
Posts: 261
M
milosh Offline OP
Fjord artisan
But how can he use it as a spoof? Does he need to own that server (ns server)?


velicha dusha moja Gospoda
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
He might. Or if he's an oper he can use a command like the one Coolkill demonstrated in order to change what the IRC server displays as his hostname.

The person who owns that hostname had to specifically set it to resolve to 127.0.0.1; the user couldn't have spoofed that.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Joined: Dec 2003
Posts: 261
M
milosh Offline OP
Fjord artisan
Thanks man, I understand it now.


velicha dusha moja Gospoda
Joined: May 2004
Posts: 38
Ameglian cow
Ah, www.hack.co.za. That used to be a very popular site a few years ago, during the h4x0r era. It was an exploits archive. It's been resolving to 127.0.0.1 for about 2 years now, ever since the internet turned stupid (DDoS monkeys).
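
The distinction the replies draw, between the hostname a server displays for a user and what that name resolves to, shown as an added example (not part of the thread or of mIRC): a Python check that classifies a displayed host. The lookup table is constructed from the answers quoted in the thread so it runs offline; `assess_displayed_host`, `connecting_ip` and the status names are assumptions of this example.

```python
import ipaddress
import socket

# Constructed lookup table mirroring the answers quoted in the thread,
# so the example runs offline. Pass resolver=system_resolve for live DNS.
THREAD_DNS = {
    "localhost.net": {"127.0.0.1"},
    "www.hack.co.za": {"127.0.0.1"},
    "www.com": {"63.215.91.200"},
    "something.something.com": set(),  # placeholder vhost with no DNS record
}

def system_resolve(host):
    """Forward-resolve host with the OS resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def classify(addr):
    """Name the address class that matters when judging a displayed host."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified or ip.is_link_local or ip.is_private:
        return "non-routable"
    return "public"

def assess_displayed_host(host, connecting_ip=None, resolver=THREAD_DNS.get):
    """Judge a hostname shown for a user against what it resolves to.

    connecting_ip is the socket address the IRC server recorded (hypothetical
    input: only the server or its logs have it). Returns (status, addresses).
    """
    addrs = sorted(resolver(host) or ())
    if not addrs:
        return "unresolvable", addrs          # typical for an invented vhost
    if all(classify(a) != "public" for a in addrs):
        return "not-a-remote-address", addrs  # e.g. 127.0.0.1: a label only
    if connecting_ip is None:
        return "unverified", addrs            # resolves, but proves nothing
    if connecting_ip in addrs:
        return "forward-match", addrs
    return "mismatch", addrs  # name does not point at where the user connects from
```

A client-side /dns can only ever reach the first three outcomes; the last two need the address the server itself recorded for the connection.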

