Re: [Full-disclosure] Re: strange domain name in phishing email



The reason that most webservers will reject it if the Host: header has a numeric IP address is that the webserver already knows the IP address; the only point of a host header is so it knows which of multiple DNS names was resolved to that IP address and hence which of the multiple vhosts it should route the request to. If the Host: header contains only a numeric IP, not a DNS FQDN, it isn't any use in allowing the server to discriminate between vhosts.

Actually, configuring websites to ONLY accept requests which contain a host header for the domain in question is an excellent way to block a lot of "bot" or otherwise automatically generated queries. Having our IIS servers set up to do this back in '01 blocked a lot of the various worm defacements.

IIRC, setting IIS up this way was recommended by Microsoft at one point as a security precaution.

~Mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
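
The Host header filtering described in the message above, as an added example that is not part of the original post and is not IIS's own logic. The vhost names in `ALLOWED_HOSTS` and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed vhost names for this server (constructed for the example).
ALLOWED_HOSTS = {"example.com", "www.example.com"}

def split_host_port(value):
    """Split a Host header value into (host, port); port is None if absent."""
    value = value.strip()
    if value.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:80
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after IPv6 literal")
        port = rest[1:] if rest else None
    else:
        host, sep, port = value.partition(":")
        port = port if sep else None
    if port is not None and not (port.isascii() and port.isdigit()
                                 and 0 < int(port) < 65536):
        raise ValueError("bad port")
    return host, port

def check_host(headers):
    """headers: list of (name, value) pairs. Returns (accept, reason)."""
    values = [v for k, v in headers if k.lower() == "host"]
    if len(values) != 1:
        return False, "missing or duplicate Host header"
    try:
        host, _port = split_host_port(values[0])
    except ValueError as exc:
        return False, f"malformed Host header: {exc}"
    host = host.rstrip(".").lower()  # names are case-insensitive
    try:
        ipaddress.ip_address(host)
        return False, "Host is an IP literal"
    except ValueError:
        pass  # not an IP literal, so compare against the vhost list
    if host not in ALLOWED_HOSTS:
        return False, "Host is not a configured vhost"
    return True, "ok"
```

Logging the rejection reason alongside the source address gives a cheap signal for scanners that walk IP ranges without knowing the site name.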


