nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?

From: "tim () pelican org" <tim () pelican org>
Date: Mon, 23 Aug 2021 12:24:09 +0100 (BST)
On Monday, 23 August, 2021 10:19, "Karl Auer" <kauer () biplane com au> said:


You could block inappropriate inbound requests, but not knowing what is
on the web servers makes that an infinite set of possibilities. So you
would really have to permit only appropriate inbound requests. On
anything but a trivial server the set of appropriate inbound requests
could be very, very large. Not to mention that rewrite rules and
suchlike could be blurring the difference between appropriate and
inappropriate on a web server where the configuration is possibly in
the hands of the bad guys.


That's a good point - I was thinking solely in terms of the DNS-based / simple vhost stuff, where a client is 
requesting 'Host: www.badguys.com' from an IP address that "should" only be serving www.mystuff.com.

www.mystuff.com/secret/content/here/badguys.com/ is the obvious and trivial workaround, I'm sure there are much more 
sophisticated ways to do it.

But we may both be talking about the wrong thing until Pirawat confirms :)

Regards,
Tim.
Previous By Date Next
Previous By Thread Next

Current thread: