On Wed, 8 Oct 2008, mouss wrote:
John Hardin a écrit :
I've recently come across some anomalous behavior in Vista and Win2k3
when confronted with a host's rDNS returning "localhost". It seems
Vista and Win2k3 replace this with the local hostname. To illustrate:
ping -a 123.30.74.2
AFAIK, "-a" doesn't change how ping works. the only thing it adds is to
show the PTR. but ping will contact the IP.
That's what's intended - to do a rDNS lookup and display the results using
a tool less sophisticated than dig.
Sorry I wasn't explicit with what that was to illustrate - I was intending
those on Vista or W2k3 to run that command and say "WTF?"
Does anybody know if this is a known security risk? (e.g. can a
webserver with rDNS set to "localhost" bypass any IE security features?)
While shit has happened too many times, I don't see why a browser would
do PTR lookup when given an IP.
If security settings are defined by the server's hostname or domain name
you'd kinda have to, or else say that all numeric-IP URLs are inherently
untrustworthy.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
They didn't add pork to the bailout, they added the bailout to pork.
-- seen at saysuncle.com
-----------------------------------------------------------------------
27 days until the Presidential Election
