Message-ID: <44182A50.5090405@csuohio.edu>
Date: Wed Mar 15 14:53:47 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: Re: strange domain name in phishing email

>   The reason that most webservers will reject it if the Host: header has a 
> numeric IP address is that the webserver already knows the IP address; the 
> only point of a host header is so it knows which of multiple dns names was 
> resolved to that IP address and hence which of the multiple vhosts it should 
> route the request to.  If the Host: header contains only a numeric IP, not a 
> dns FQDN, it isn't any use in allowing the server to discriminate between 
> vhosts.

Actually, configuring websites to ONLY accept requests which contain a 
host header for the domain in question is an excellent way to block a 
lot of "bot" or otherwise automatically generated queries. Having our 
IIS servers set up to do this back in '01 blocked a lot of the various 
worm defacements.

IIRC, setting IIS up this way was recommended by Microsoft at one point 
as a security precaution.

~Mike.
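As an added example (not part of Mike's post or of any IIS configuration), here is the kind of Host-header allowlist check he describes, written in Python: a request is accepted only if its Host header names one of the configured sites, so requests with no Host header or with a bare IP address in it are rejected. The allowed names and the sample requests are constructed.

```python
"""Host-header allowlist check of the kind the post describes (added example).

Assumptions (not from the post): the allowed vhost names are known in advance,
and any request whose Host header is missing, is an IP literal, or names a
host outside the allowlist is rejected before it reaches a site."""
import ipaddress

# Constructed allowlist of the names this server is supposed to serve.
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def normalize_host(host_header):
    """Strip the optional :port and IPv6 brackets, lowercase, drop trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):          # IPv6 literal, e.g. "[::1]:8080"
        end = host.find("]")
        return host[1:end] if end != -1 else host
    if host.count(":") == 1:          # "name:port"
        host = host.split(":", 1)[0]
    return host.rstrip(".")           # "example.com." -> "example.com"


def is_ip_literal(host):
    """True for a dotted-quad or IPv6 address, which no vhost name should match."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def accept_request(headers, allowed=ALLOWED_HOSTS):
    """Return (accepted, reason); headers is a dict with the 'Host' key as sent."""
    raw = headers.get("Host")
    if raw is None or not raw.strip():
        return False, "missing Host header"
    host = normalize_host(raw)
    if is_ip_literal(host):
        return False, "Host is an IP literal"
    if host not in allowed:
        return False, "Host not served here: %s" % host
    return True, "ok"


# Constructed sample requests: a visitor, a scanner hitting the bare IP,
# a client sending no Host header, and a port-suffixed valid name.
SAMPLES = [{"Host": "www.example.com"}, {"Host": "192.0.2.10"}, {},
           {"Host": "Example.COM:8080"}]
if __name__ == "__main__":
    for h in SAMPLES:
        print(h.get("Host"), "->", accept_request(h))
```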
