Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?

tim at tim at
Mon Aug 23 11:24:09 UTC 2021

On Monday, 23 August, 2021 10:19, "Karl Auer" <kauer at> said:

> You could block inappropriate inbound requests, but not knowing what is
> on the web servers makes that an infinite set of possibilities. So you
> would really have to permit only appropriate inbound requests. On
> anything but a trivial server the set of appropriate inbound requests
> could be very, very large. Not to mention that rewrite rules and
> suchlike could be blurring the difference between appropriate and
> inappropriate on a web server where the configuration is possibly in
> the hands of the bad guys.

That's a good point - I was thinking solely in terms of the DNS-based / simple vhost stuff, where a client is requesting 'Host:' from an IP address that "should" only be serving is the obvious and trivial workaround, I'm sure there are much more sophisticated ways to do it.

But we may both be talking about the wrong thing until Pirawat confirms :)


More information about the NANOG mailing list