Anyone ever see a computer reaching out to rfc2549 dot network or specifically newyork.mordor.rfc2549 dot network?
I have a Linux Parrot OS machine that requests this once in a while, and I see it coming up in my firewall as blocked with “potentially dangerous” as the description.
When I search this, all I get is IP over Avian Carriers with QoS, but nothing popping up about the dot net site.
Could this be a legitimate Parrot OS site for things like updates? Whois comes back as private registration through Porkbun, which seems odd for an OS to use something privately registered.
Here’s RFC2549; it talks about IP over Avian Carriers and was an April 1st prank in ’99.
Then there’s the Parrot hostname set to newyork[.]mordor[.]rfc2549[.]network. There are more hostnames besides newyork; there’s also frankfurt that is associated with Parrot OS, likely distributed over some regional datacenters.
The thing that throws me is there is no page at rfc2549.network, nor at any of the subdomains. They should at least have something up to let you know you’ve arrived somewhere.
I did allow it to pass after a post on another forum, and told the filter provider that maybe they should check and clear it globally (Zenarmor). Someone probably saw it, saw the blank page, and reported it without really looking into why their device was trying to go there.
That definitely sounds strange. I’ve used Parrot OS in the past and never noticed it reaching out to anything like rfc2549 domains. Since it’s blocked and marked as potentially dangerous, I’d be cautious before allowing it. Could be some leftover joke reference to RFC2549 (the carrier pigeon protocol), but a privately registered domain tied to that name does seem suspicious. I’d double-check your sources list in Parrot OS and maybe run a packet capture to see what’s actually being requested.
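
The sources-list check suggested in the last reply could look like this added example (not part of the thread and not Parrot OS code): it extracts the hostnames from APT source entries in both the one-line and deb822 formats and reports any that are related, on a DNS label boundary, to the name the firewall flagged. The sample entries, hostnames under example.org/example.net and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input, not the contents of any real install. On a live
# system the text would come from /etc/apt/sources.list and the *.list and
# *.sources files under /etc/apt/sources.list.d/.
SAMPLE_ONE_LINE = """\
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://mirror.example.org/parrot stable main
deb-src http://archive.example.net/debian stable main contrib
#deb https://disabled.example.com/repo stable main
"""
SAMPLE_DEB822 = """\
Types: deb
URIs: https://eu.mirror.example.org/parrot http://backup.example.net/parrot
Suites: stable
Components: main
"""

def hosts_from_one_line(text):
    """Hostnames from 'deb [options] uri suite components' entries."""
    hosts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]              # drop comments and disabled entries
        fields = re.sub(r"\[[^\]]*\]", " ", line).split()  # drop the [options] block
        if len(fields) >= 2 and fields[0] in ("deb", "deb-src"):
            host = urlsplit(fields[1]).hostname
            if host:
                hosts.add(host)
    return hosts

def hosts_from_deb822(text):
    """Hostnames from 'URIs:' fields (single-line values only)."""
    hosts = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "uris":
            hosts.update(h for h in (urlsplit(u).hostname for u in value.split()) if h)
    return hosts

def related_hosts(flagged, hosts):
    """Configured hosts equal to, above, or below the flagged name in the DNS tree."""
    flagged = flagged.lower().rstrip(".")
    return sorted(h for h in hosts
                  if h == flagged or flagged.endswith("." + h) or h.endswith("." + flagged))

if __name__ == "__main__":
    configured = hosts_from_one_line(SAMPLE_ONE_LINE) | hosts_from_deb822(SAMPLE_DEB822)
    print(sorted(configured))
    print(related_hosts("newyork.mordor.rfc2549.network", configured))
```

An empty result only means no configured source names that domain directly; what the machine actually requests is what the packet capture would show.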