Re: Question about HTTP DDOS attacks.

From: Kyle R. Hofmann (krhat_private)
Date: Mon Mar 18 2002 - 10:26:35 PST

    On Mon, 18 Mar 2002 07:42:47 +0100, Hugo van der Kooij wrote:
    > On Fri, 15 Mar 2002 eaxat_private wrote:
    > 
    > > For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with
    > > tons of HTTP requests composed of:
    > > 
    > > GET / HTTP/1.1
    > > Host: example.com
    > 
    > These are in fact valid requests if I set up a link like: <a 
    > href="http://example.com/"> or even <a href="http://example.com">
    
    They're not valid if he's not example.com.  See RFC 2606:
    
    "3. Reserved Example Second Level Domain Names
    
       The Internet Assigned Numbers Authority (IANA) also currently has the
       following second level domain names reserved which can be used as
       examples.
    
    	example.com
    	example.net
    	example.org"
    
    $ dig example.com
    
    ; <<>> DiG 2.2 <<>> example.com 
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38839
    ;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 2, Addit: 0
    ;; QUESTIONS:
    ;;	example.com, type = A, class = IN
    
    ;; ANSWERS:
    example.com.	172800	A	192.0.34.72
    
    ;; AUTHORITY RECORDS:
    example.com.	21600	NS	a.iana-servers.net.
    example.com.	21600	NS	b.iana-servers.net.
    
    ;; Total query time: 400 msec
    ;; FROM: yvonne.lemniscate.net to SERVER: default -- 127.0.0.1
    ;; WHEN: Mon Mar 18 10:22:35 2002
    ;; MSG SIZE  sent: 29  rcvd: 93
    
    $ lynx -dump http://www.example.com/
    
       You have reached this web page by typing "example.com", "example.net",
       or "example.org" into your web browser.
       
       These domain names are reserved for use in documentation and are not
       available for registration.
    
    -- 
    Kyle R. Hofmann <krhat_private>
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
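
An added example, not part of the original message: a log check that counts, per source address, requests whose Host header names an RFC 2606 reserved domain that the server does not serve. It goes beyond the section 3 names quoted above by also covering the RFC's section 2 reserved TLDs; the log layout (Host header first, as Apache's `%{Host}i` would write it), the served-host set and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# RFC 2606 section 3 names (quoted in the message) and section 2 reserved TLDs.
RESERVED_SLDS = {"example.com", "example.net", "example.org"}
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}

# Assumed log layout: <Host header> <client> - - [time] "<request line>" ...
LINE = re.compile(r'^(?P<host>\S+) (?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)"')

def normalize_host(raw):
    """Lower-case a Host header value, drop any :port and trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):              # bracketed IPv6 literal: leave as is
        return host
    return host.rsplit(":", 1)[0].rstrip(".")

def is_reserved(host):
    """True if the name falls under an RFC 2606 reserved TLD or second-level name."""
    labels = host.split(".")
    return labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_SLDS

def classify(lines, served):
    """Return (reserved-Host hits per source, other unserved Host values)."""
    reserved, unknown = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not in the assumed layout
        host = normalize_host(m["host"])
        if host in served:
            continue                      # ordinary traffic for a real vhost
        if is_reserved(host):
            reserved[m["src"]] += 1
        else:
            unknown[host] += 1
    return reserved, unknown

# Constructed sample data: hypothetical vhost name, documentation-range addresses.
SERVED = {"vhost1.internal"}
SAMPLE = [
    'example.com 198.51.100.7 - - [18/Mar/2002:10:22:35 -0800] "GET / HTTP/1.1" 200 512',
    'EXAMPLE.COM:80 198.51.100.7 - - [18/Mar/2002:10:22:35 -0800] "GET / HTTP/1.1" 200 512',
    'www.example.org. 203.0.113.9 - - [18/Mar/2002:10:22:36 -0800] "GET / HTTP/1.1" 200 512',
    'vhost1.internal 203.0.113.20 - - [18/Mar/2002:10:22:37 -0800] "GET /a.html HTTP/1.1" 200 90',
    '192.0.2.10 203.0.113.21 - - [18/Mar/2002:10:22:38 -0800] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    hits, other = classify(SAMPLE, SERVED)
    for src, count in hits.most_common():
        print(f"{src}\t{count} request(s) with an RFC 2606 reserved Host")
    print("other unserved Host values:", dict(other))
```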
    



    This archive was generated by hypermail 2b30 : Mon Mar 18 2002 - 16:31:11 PST