Re: [Full-disclosure] Re: strange domain name in phishing email



The reason that most webservers will reject it if the Host: header has a numeric IP address is that the webserver already knows the IP address; the only point of a host header is so it knows which of multiple dns names was resolved to that IP address and hence which of the multiple vhosts it should route the request to. If the Host: header contains only a numeric IP, not a dns FQDN, it isn't any use in allowing the server to discriminate between vhosts.

Actually, configuring websites to ONLY accept requests which contain a host header for the domain in question is an excellent way to block a lot of "bot" or otherwise automatically generated queries. Having our IIS servers setup to do this back in '01 blocked a lot of the various worm defacements.

IIRC, setting IIS up this way was reecommended by Microsoft at one point as a security precatution.

~Mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/