DNS Attacks

Jeroen Massar jeroen at unfix.org
Sun Feb 19 06:02:01 CST 2012


On 2012-02-19 12:59 , Patrick W. Gilmore wrote:
> On Feb 19, 2012, at 10:59, Ken Gilmour <ken.gilmour at gmail.com> wrote:
>> On Feb 18, 2012 10:24 PM, "Robert Bonomi" <bonomi at mail.r-bonomi.com> wrote:
>>>
>>> Even better, nat to a 'bogon' DNS server -- one that -- regardless of the
>>> query -- returns the address of a dedicated machine on your network set up
>>> especially for this purpose.
>>
>> What happens when the client sends a POST from a cached page on the end
>> user's machine? E.g. if they post login credentials. Of course, they'll get
>> the error page, but then you have confidential data in your logs and now
>> you have to protect highly confidential info, at least if you're in Europe.
> 
> It is possible to configure the web server not to log POSTed info.

By default most webservers (Apache, nginx, etc.) won't log POST
variables; GET variables will be logged (as they are part of the query),
but those should not contain any PII.

Greets,
 Jeroen
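
[Added example, not part of the original message or thread: an nginx configuration for the kind of dedicated landing machine discussed above, showing the default access-log format beside one that records neither the query string nor any request body. The log path, format name and response text are assumptions.]

```nginx
# Constructed example. log_format belongs in the http { } context.

# Default behaviour: the stock "combined" format logs $request, which is the
# full request line including the query string, plus the Referer header,
# which can carry a query string of its own. POST bodies are not in it.
#   access_log /var/log/nginx/landing.log combined;

# Reduced format: $uri is the request path without arguments. No Referer,
# no $request, and no $request_body anywhere in the format.
log_format landing_min '$remote_addr [$time_local] $host '
                       '$request_method $uri $status $body_bytes_sent';

server {
    # Catch-all: answers for whatever hostname the redirected client asked for.
    listen 80 default_server;
    server_name _;

    access_log /var/log/nginx/landing.log landing_min;

    location / {
        # Same answer for GET and POST; the request body is discarded
        # without being read into a variable or written to disk.
        default_type text/plain;
        return 503 "This connection has been redirected by your network operator.\n";
    }
}
```

A POST from a stale cached form then leaves a line with the client address, the requested host, the method and the path, and nothing from the form fields.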





More information about the NANOG mailing list