http://sites.google.com/site/dnslocator/

thanks a lot for this new feature! Very nice :-)
And general thanks for noscript! Firefox without noscript is like a dog without a bone.

When I’d pinged a1plpkivs-v03.any.prod.ash1.secureserver.net, I’d gotten 72.167.239.239 last week… but last night I spaced and didn’t ping ocsp.godaddy.com to compare. Result: in my neck of the woods, that turns into ocsp.godaddy.com.akadns.net & resolves to 72.167.239.239 as well. Cool beans.

Thanks for getting me back on to the straight and narrow — have an excellent weekend!

@DareDeMo:
Nothing to be worried about: n1plpkivs-v03.any.prod.ams1.secureserver.net, despite its scary shape, is just the same as ocsp.godaddy.com, which is queried by Firefox to validate secure.informaction.com’s SSL certificate:

> dig ocsp.godaddy.com
[...]
ocsp.godaddy.com.akadns.net. 36 IN      A       188.121.36.239

> dig n1plpkivs-v03.any.prod.ams1.secureserver.net
[...]
n1plpkivs-v03.any.prod.ams1.secureserver.net. 3319 IN A 188.121.36.239

Pardon the lengthy reply below – I can take this offline if it would be better than flooding this board, & if you’re game.

Setup – 2 different VMs, each running Server 2003. One with Firefox 3.6.8 + NoScript 2.0, Firebug 1.5.4 & Web Developer 1.8 add-ons. One with NoScript 2.0 & Web Developer 1.8 add-ons. Each use a blank page upon Firefox startup.

Between the two, the experiment results are consistent:

A:
run netstat –a, see that it’s clean, turn on Firefox w/ NoScript 2.0 enabled, fire off netstat –a again within seconds of having started Firefox, see that netstat reported connection out to a1plpkivs-v03.any.prod.ash1.secureserver.net briefly.

B:
Next, disable NoScript, turn off Firefox, netstat (clean), turn on Firefox, netstat a bunch of times – clean / no ‘*.secureserver.net’ line.

As a different experiment, I rolled one VM back to a snapshot prior to upgrading NoScript to 2.0. No *.secureserver.net oddities observed when fiddling with netstat & Firefox at load. Then installed 2.0 and that crazy guy was back in existence each time Firefox starts unless NoScript is disabled.

So, I trotted out a third VM, also Server 2003, with Firefox 3.6.8 on it w/ Firebug 1.5.4 and Web Developer 1.8. NoScript is also on it, but I’d left it at version 1.10. Like the roll-back experiment, with NoScript either enabled or disabled, *.secureserver.net doesn’t make an appearance.

Anyhow, I anticipate having more time toward the middle of next week to continue exploring this. I can snapshot that 3rd VM, upgrade NoScript to 2.0 and see if it joins the ranks. May be able to see what Fiddler 2 has to say as well during the various scenarios.

Again – thanks for all of the work you’ve done with NoScript as well as casting your eye toward this bit of weirdness my paranoia had me stumble across. ;)

This kind of attack will be now useless with NoScript, but only for the external router. I believe that some corporations host their own web servers at the same place, on the same network they connect their employees. So ultimately, a road may be traced through the firewall via a DNS Rebinding attack, even with NoScript.

To address this potential threat, why not allowing the user to set manually the IPs of not only the external gateway, but also all the hosts accessible on the same network having other(s) IP(s) on other(s) subnet(s) ?
This would permit to have more control and would address too the problem of the external proxy. Am I wrong ?

Are you sure this goes away if you disable NoScript and comes back when you enable it?
Have you got an home page opened at startup?

Thank you for all of the work you’ve put into NoScript & keeping us well protected from so many potential pitfalls that are out on the net.