Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?
tim at pelican.org
tim at pelican.org
Mon Aug 23 11:24:09 UTC 2021
On Monday, 23 August, 2021 10:19, "Karl Auer" <kauer at biplane.com.au> said:
> You could block inappropriate inbound requests, but not knowing what is
> on the web servers makes that an infinite set of possibilities. So you
> would really have to permit only appropriate inbound requests. On
> anything but a trivial server the set of appropriate inbound requests
> could be very, very large. Not to mention that rewrite rules and
> suchlike could be blurring the difference between appropriate and
> inappropriate on a web server where the configuration is possibly in
> the hands of the bad guys.
That's a good point - I was thinking solely in terms of the DNS-based / simple vhost stuff, where a client is requesting 'Host: www.badguys.com' from an IP address that "should" only be serving www.mystuff.com.
www.mystuff.com/secret/content/here/badguys.com/ is the obvious and trivial workaround, I'm sure there are much more sophisticated ways to do it.
But we may both be talking about the wrong thing until Pirawat confirms :)
Regards,
Tim.
More information about the NANOG
mailing list