Full Disclosure mailing list archives
Re: Re: strange domain name in phishing email
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 15 Mar 2006 09:53:04 -0500
The reason that most webservers will reject it if the Host: header has a numeric IP address is that the webserver already knows the IP address; the only point of a host header is so it knows which of multiple dns names was resolved to that IP address and hence which of the multiple vhosts it should route the request to. If the Host: header contains only a numeric IP, not a dns FQDN, it isn't any use in allowing the server to discriminate between vhosts.
Actually, configuring websites to ONLY accept requests which contain a host header for the domain in question is an excellent way to block a lot of "bot" or otherwise automatically generated queries. Having our IIS servers setup to do this back in '01 blocked a lot of the various worm defacements.
IIRC, setting IIS up this way was recommended by Microsoft at one point as a security precaution.
~Mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
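The policy Mike describes (accept a request only when its Host header names one of the site's configured vhosts, so bare-IP and unknown-host requests from scanners and worms are dropped) is normally set in the web server's bindings, but the decision itself is small enough to show in code. The following is an added illustration, not code from the original post or from IIS; the host names in ALLOWED_HOSTS are made up for the example.

```python
"""Host-header whitelist check, illustrating the vhost-only policy
discussed in the thread. Added example; not from the original post."""
import ipaddress

# Hypothetical vhost names for this illustration (not from the post).
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def parse_host(header):
    """Split a Host header into (host, port); handles [IPv6]:port too."""
    header = header.strip()
    if header.startswith("["):
        end = header.find("]")
        if end == -1:
            return None, None
        host = header[1:end]
        rest = header[end + 1:]
        port = rest[1:] if rest.startswith(":") else None
    else:
        host, sep, port = header.partition(":")
        port = port if sep else None
    return host.lower(), port


def host_header_allowed(header, allowed=ALLOWED_HOSTS):
    """Return True only if the Host header names a configured vhost.

    Empty headers, bare IP literals (v4 or v6, with or without a port)
    and names outside the allowed set are all rejected, which is the
    behaviour the post credits with stopping automated worm traffic.
    """
    if header is None or not header.strip():
        return False
    host, port = parse_host(header)
    if not host:
        return False
    if port is not None and not port.isdigit():
        return False
    try:
        ipaddress.ip_address(host)
        return False  # numeric IP: cannot select a vhost, so drop it
    except ValueError:
        pass  # not an IP literal; fall through to the name check
    return host.rstrip(".") in allowed


if __name__ == "__main__":
    # Constructed sample headers, as a worm or scanner might send them.
    for h in ["www.example.com", "192.0.2.10", "[2001:db8::1]:80", ""]:
        print(repr(h), "->", "accept" if host_header_allowed(h) else "reject")
```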