Welcome! Log In Create A New Profile

Advanced

Re: Spurious DNS lookups due to Host header?

Maxim Dounin
April 14, 2022 04:16PM
Hello!

On Thu, Apr 14, 2022 at 10:56:58AM -0400, Jeffrey Walton wrote:

> Hi Everyone,
>
> I'm examining a webapp which had a scan looking for security related
> errata and vulnerabilities. The app is hosted on Google Cloud (GPC)
> and the webserver is Nginx. Only the app was scanned. GPC and Nginx
> were not scanned.
>
> The scan produced an interesting finding I have not seen before. The
> finding is, a HTTP Request using a fake Host: header produces a DNS
> lookup. I think the concern is a DNS amplification attack (or maybe
> just some extra traffic).
>
> I think this is how the errata or attack works. Below, theHost: header
> is different from the hostname at the TLS layer.
>
> echo -e "GET / HTTP/1.1\r\nHost:www.fake-example.com\r\n\r\n" | \
> openssl s_client -connect www.example.com:443 -servername www.example.com
>
> My question is, is Nginx expected to perform a lookup for www.fake-example.com?

No (unless you've configured nginx to do so).

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org
Subject Author Posted

Spurious DNS lookups due to Host header?

noloader April 14, 2022 11:02AM

Re: Spurious DNS lookups due to Host header?

Maxim Dounin April 14, 2022 04:16PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 77
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready