John Hardin wrote:
> On Wed, 8 Oct 2008, mouss wrote:
>
>> John Hardin wrote:
>>
>>> I've recently come across some anomalous behavior in Vista and Win2k3
>>> when confronted with a host's rDNS returning "localhost". It seems
>>> Vista and Win2k3 replace this with the local hostname. To illustrate:
>>>
>>>    ping -a 123.30.74.2
>>
>> AFAIK, "-a" doesn't change how ping works. The only thing it adds is to
>> show the PTR, but ping will contact the IP.
>
> That's what's intended - to do a rDNS lookup and display the results
> using a tool less sophisticated than dig.
>
> Sorry I wasn't explicit with what that was to illustrate - I was
> intending those on Vista or W2k3 to run that command and say "WTF?"
>
>>> Does anybody know if this is a known security risk? (e.g. can a
>>> webserver with rDNS set to "localhost" bypass any IE security
>>> features?)
>>
>> While shit has happened too many times, I don't see why a browser would
>> do PTR lookup when given an IP.
>
> If security settings are defined by the server's hostname or domain
> name you'd kinda have to, or else say that all numeric-IP URLs are
> inherently untrustworthy.

I'd speculate that the lookup is "textual" (not DNS based), so you'd
specify "http://*.google.com", "http://127.0.0.1" ... etc. But I may be
wrong.

BTW, there was a bug a long time ago when IE used to trust URLs with
dotless numeric IPs.
    http://www.microsoft.com/technet/security/Bulletin/MS01-051.mspx
so I hope the developers don't get into such traps again (but I'm
dreaming...).

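Added example, not part of the thread above: a forward-confirmed reverse DNS check in Python, showing why a PTR answer of "localhost" for a remote address should never feed a trust decision. The function names, the injectable resolver parameters and the sample records are assumptions made for this illustration; only the address 123.30.74.2 comes from the thread.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup via the OS resolver; returns the PTR name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup via the OS resolver; returns a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def confirmed_hostname(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR name for ip only if it is forward-confirmed, else None."""
    addr = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    # The PTR record is set by whoever controls the reverse zone, so a remote
    # address claiming a loopback name is rejected before any further lookup.
    if (name == "localhost" or name.endswith(".localhost")) and not addr.is_loopback:
        return None
    forward = set()
    for candidate in forward_lookup(name):
        try:
            forward.add(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # e.g. scoped IPv6 literals; ignore what we cannot parse
    # Accept the name only if it resolves back to the address we started from.
    return name if addr in forward else None

# Constructed sample records (not real DNS data) so the check runs offline.
SAMPLE_PTR = {"123.30.74.2": "localhost",
              "192.0.2.10": "www.example.test.",
              "192.0.2.20": "www.example.test."}
SAMPLE_A = {"localhost": {"127.0.0.1"}, "www.example.test": {"192.0.2.10"}}

def check_samples():
    """Run the check over the constructed records; returns {ip: name or None}."""
    forward = lambda name: SAMPLE_A.get(name, set())
    return {ip: confirmed_hostname(ip, SAMPLE_PTR.get, forward) for ip in SAMPLE_PTR}
```

Calling `confirmed_hostname(ip)` without the extra arguments uses the operating system resolver instead of the sample records.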