Re: Ping from Unix Box Reveals all Domains on that IP (fix?)
From:Date: 08/12/02
- Next message: Security Alert: "Security Vulnerability in DNS resolver libraries"
- Previous message: Peter J. Holzer: "Re: Ping from Unix Box Reveals all Domains on that IP (fix?)"
- In reply to: Angel: "Ping from Unix Box Reveals all Domains on that IP (fix?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 Aug 2002 15:49:20 GMT
In article <sUC59.17512$Xb.3051464@twister.socal.rr.com>,
Angel <transnation2k@nospam.hotmail.com> wrote:
>I am having an issue right now. I am running RH 7.2 and I noticed that now
>that I have
>my DNS setup, and run my own name servers compared to my ColoCenter's...
>
>I have this issue.
>
>When I ping a domain that is hosted on my server for example:
>
>ping www.domain1.com it replies with:
>
>64 bytes from domain2.com blah blah...
>64 bytes from domain3.com blah blah...
>64 bytes from domain4.com blah blah...
>64 bytes from domain1.com blah blah...
>64 bytes from domain2.com blah blah...
>
>So as you can see it replies with other domains.
The web hosting company probably has multiple reverse DNS entries for the
address, for each of the domains that are hosted on that server. Each time
ping does a reverse lookup it gets a different one.
>I when I send emails from the web GUI via neomail or etc.
>I send it from domain1.com if you look at the header when
>you receive the email it might contain domain3.com etc in the header
>instead of the original/actual domain.
I assume you're talking about the "Received:" line. This is put in by the
receiving system, by performing a reverse lookup of the sender's address.
If there are multiple reverse DNS entries, it may get a different one each
time.
>I tested this with another hosting company I use.
>
>I pinged "adomain.com" I have... it replied with an IP of let's say:
>64.xx.xx.42 now when I ping that IP and see if I ping that IP
>would it give me other domains like on my server?
>
>I ping 64.x.xx.42 and I get the following:
>
>PING 66.xx.xxx.42 (66.91.226.42) from xxx.xxx.xxx.xxx : xx(84) bytes of
>data.
>>From 63.xx.xx.1: Time to live exceeded
>>From 63.xx.xx.1: Time to live exceeded
>>From 63.xx.xx.1: Time to live exceeded
>
>As you can see it does not reply. Would I have to enable that in IPchains
>to not reply to PINGs.. I also noticed that when I Ping the "domain Name"
>it replies with 64.* IP but when I pinged that 64.* IP it replies with 63.*
>not
>responding... very odd sort of loop.. and routing to avoid / security wise.
The 63.xx.xx.1 address in the above message is the address of the router
that's blocking pings.
>I would like to have something liek this where I do not expose domains I
>have
>on that IP... It does not work via Windows command line. but it does
>with a linux shell command line.
Talk to the web hosting company. It's not necessary to have all those
reverse DNS entries -- they just need one entry, which should probably be a
generic name that doesn't identify any particular customer.
-- Barry Margolin, barmar@genuity.net Genuity, Woburn, MA *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
- Next message: Security Alert: "Security Vulnerability in DNS resolver libraries"
- Previous message: Peter J. Holzer: "Re: Ping from Unix Box Reveals all Domains on that IP (fix?)"
- In reply to: Angel: "Ping from Unix Box Reveals all Domains on that IP (fix?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
