nanog mailing list archives
Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?
From: "tim () pelican org" <tim () pelican org>
Date: Mon, 23 Aug 2021 12:24:09 +0100 (BST)
On Monday, 23 August, 2021 10:19, "Karl Auer" <kauer () biplane com au> said:
You could block inappropriate inbound requests, but not knowing what is on the web servers makes that an infinite set of possibilities. So you would really have to permit only appropriate inbound requests. On anything but a trivial server the set of appropriate inbound requests could be very, very large. Not to mention that rewrite rules and suchlike could be blurring the difference between appropriate and inappropriate on a web server where the configuration is possibly in the hands of the bad guys.
That's a good point - I was thinking solely in terms of the DNS-based / simple vhost stuff, where a client is requesting 'Host: www.badguys.com' from an IP address that "should" only be serving www.mystuff.com. www.mystuff.com/secret/content/here/badguys.com/ is the obvious and trivial workaround, I'm sure there are much more sophisticated ways to do it. But we may both be talking about the wrong thing until Pirawat confirms :) Regards, Tim.
Current thread:
- Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Pirawat WATANAPONGSE via NANOG (Aug 19)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Bill Woodcock (Aug 19)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Pirawat WATANAPONGSE via NANOG (Aug 19)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Adam Thompson (Aug 19)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Owen DeLong via NANOG (Aug 19)
- What does it mean to be issued an IP address block? (Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?) John Curran (Aug 19)
- Re: What does it mean to be issued an IP address block? (Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?) Anne P. Mitchell, Esq. (Aug 20)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Pirawat WATANAPONGSE via NANOG (Aug 19)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Bill Woodcock (Aug 19)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Valdis Klētnieks (Aug 20)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? tim () pelican org (Aug 23)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? Karl Auer (Aug 23)
- Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones? tim () pelican org (Aug 23)