Forum List Message List New Topic Print View

Maxim Dounin

April 14, 2022 04:16PM

Hello!

On Thu, Apr 14, 2022 at 10:56:58AM -0400, Jeffrey Walton wrote:

> Hi Everyone,
>
> I'm examining a webapp which had a scan looking for security related
> errata and vulnerabilities. The app is hosted on Google Cloud (GPC)
> and the webserver is Nginx. Only the app was scanned. GPC and Nginx
> were not scanned.
>
> The scan produced an interesting finding I have not seen before. The
> finding is, a HTTP Request using a fake Host: header produces a DNS
> lookup. I think the concern is a DNS amplification attack (or maybe
> just some extra traffic).
>
> I think this is how the errata or attack works. Below, theHost: header
> is different from the hostname at the TLS layer.
>
> echo -e "GET / HTTP/1.1\r\nHost:www.fake-example.com\r\n\r\n" | \
> openssl s_client -connect www.example.com:443 -servername www.example.com
>
> My question is, is Nginx expected to perform a lookup for www.fake-example.com?

No (unless you've configured nginx to do so).

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org

Reply Quote

RSS

Subject	Author	Posted
Spurious DNS lookups due to Host header?	noloader	April 14, 2022 11:02AM
Re: Spurious DNS lookups due to Host header?	Maxim Dounin	April 14, 2022 04:16PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 241

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

Spurious DNS lookups due to Host header?

Re: Spurious DNS lookups due to Host header?

Online Users