Re: [Full-disclosure] Re: strange domain name in phishing email
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Re: strange domain name in phishing email
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Wed, 15 Mar 2006 09:53:04 -0500
The reason that most webservers will reject it if the Host: header has a
numeric IP address is that the webserver already knows the IP address; the
only point of a host header is so it knows which of multiple dns names was
resolved to that IP address and hence which of the multiple vhosts it should
route the request to. If the Host: header contains only a numeric IP, not a
dns FQDN, it isn't any use in allowing the server to discriminate between
vhosts.

Actually, configuring websites to ONLY accept requests which contain a
host header for the domain in question is an excellent way to block a
lot of "bot" or otherwise automatically generated queries. Having our
IIS servers set up to do this back in '01 blocked a lot of the various
worm defacements.

IIRC, setting IIS up this way was recommended by Microsoft at one point
as a security precaution.

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
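
The host-header restriction discussed in this message, sketched as an added example that is not part of the original post and is not IIS's own logic: a request is accepted only when its Host: header names a domain the site actually serves. The names in `ALLOWED_HOSTS`, the function names and the sample values are assumptions made for the illustration.

```python
import ipaddress

# Hypothetical names served by this site (assumption for the example).
ALLOWED_HOSTS = {"www.example.com", "example.com"}

def normalize_host(header):
    """Return the lowercased host part of a Host: header, or None if unusable."""
    if header is None:
        return None
    value = header.strip()
    if not value or any(c.isspace() for c in value) or "@" in value or "/" in value:
        return None
    if value.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:80
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest and not (rest.startswith(":") and rest[1:].isdigit()):
        return None                         # junk after the host, or a non-numeric port
    return host.rstrip(".").lower() or None

def is_ip_literal(host):
    """True when the host part is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(header):
    """Return (accept, reason) for a request's Host: header value."""
    host = normalize_host(header)
    if host is None:
        return False, "missing-or-malformed"
    if is_ip_literal(host):
        return False, "ip-literal"          # typical of scanners that connect by address
    if host not in ALLOWED_HOSTS:
        return False, "unknown-host"
    return True, "ok"

# Constructed sample values, not taken from real traffic.
SAMPLES = [None, "192.0.2.10", "[2001:db8::1]:80", "WWW.Example.COM:8080",
           "example.com.", "evil.test", "www.example.com:abc"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), classify(h))
```

Logging the rejection reason alongside the source address gives a cheap signal for automated scanning, since legitimate browsers arriving through DNS always send a configured name.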