Welcome! Log In Create A New Profile


Spurious DNS lookups due to Host header?

April 14, 2022 11:02AM
Hi Everyone,

I'm examining a webapp which had a scan looking for security related
errata and vulnerabilities. The app is hosted on Google Cloud (GPC)
and the webserver is Nginx. Only the app was scanned. GPC and Nginx
were not scanned.

The scan produced an interesting finding I have not seen before. The
finding is, a HTTP Request using a fake Host: header produces a DNS
lookup. I think the concern is a DNS amplification attack (or maybe
just some extra traffic).

I think this is how the errata or attack works. Below, theHost: header
is different from the hostname at the TLS layer.

echo -e "GET / HTTP/1.1\r\nHost:www.fake-example.com\r\n\r\n" | \
openssl s_client -connect www.example.com:443 -servername www.example.com

My question is, is Nginx expected to perform a lookup for www.fake-example.com?

(At this point I have not ruled out GPC doing the DNS lookup. Nginx
has a public mailing list, so it is easier to start here than trying
to use Google {non-}support).

nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org
Subject Author Posted

Spurious DNS lookups due to Host header?

noloader April 14, 2022 11:02AM

Re: Spurious DNS lookups due to Host header?

Maxim Dounin April 14, 2022 04:16PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 66
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready