A web server might be host to multiple sites, and the Host: header on the request allows the client to specify which one he wants. I expect single-site servers just ignore it, and in any case it's not relevant to the request since directory traversal attempts to break out of the site to the host machine. David Gillett > -----Original Message----- > From: sgt_b [mailto:sgt_b2002at_private] > Sent: July 14, 2003 10:36 > To: incidentsat_private > Subject: www.google.com reference in directory-traversal attack > > > > > I've included a link to a tcpdump taken that shows a standard > IIS directory-traversal attack. I was looking over the > packets and noticed a reference to www.google.com. Could > someone take a look, and let me know what this is being used > for? http://12.208.102.165/attack3.dump atack3.dump=1.6kb Thanks! > > -------------------------------------------------------------- > -------------- > Attend the Black Hat Briefings & Training, July 28 - 31 in > Las Vegas, the > world's premier technical IT security event! 10 tracks, 15 > training sessions, > 1,800 delegates from 30 nations including all of the top > experts, from CSO's to > "underground" security specialists. See for yourself what > the buzz is about! > Early-bird registration ends July 3. This event will sell > out. www.blackhat.com > -------------------------------------------------------------- > -------------- > ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 11:08:54 PDT