
RE: http://www.domainname.com./ (with the ending)

Subject: RE: http://www.domainname.com./ (with the ending)
Date: Wed, 13 Apr 2005 18:53:36 -0500
Michael Scovetta writes...

I don't think this is anything to be concerned about, but I 
find it odd that some websites (looks like IIS-sites), if you 
go to http://server./ (with a period appended), you usually 
get a "no web site configured", or "under construction". I 
guess the browser ignores the last . and finds the name in 
DNS, but then puts the . in the Host header. It looks like 
Apache ignores the . in the host header, so you wind up 
seeing http://server/'s content even though the URL says 
http://server./ 

For instance:
      http://www.google.com./           Normal Google page
      http://www.easyasphosting.com./   400 - bad request
      http://www.iviewstudio.com./      404 - File Not Found (or "No web site is configured at this address")

I'd assume that if you have multiple hosts configured, then 
the . throws it off. 

Looks like you may have stumbled upon a new way (to me at least)
to fingerprint web servers. Anyone know what RFC 2616 (HTTP 1.1 spec)
says the behavior _should_ be for this (if it even mentions it at all)?
I gotta run and have no time to look it up now, but intuition says
it should be ignored in the HOST header since it's a valid DNS name.

-kevin
---
Kevin W. Wall           Qwest Information Technology, Inc.
Kevin.Wall@qwest.com    Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit
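
The difference discussed in this thread comes down to how a server compares the Host header against its configured site names. The sketch below is an added example, not part of either message and not any real server's code; the vhost table, site labels and function names are hypothetical. It models a literal comparison next to one that normalizes the trailing root dot first.

```python
# Added example: constructed vhost table and Host values, not from the thread.
VHOSTS = {"www.example.com": "site-a", "shop.example.com": "site-b"}
DEFAULT_SITE = "default"  # stands in for a "no web site configured" page


def split_host_port(host_header):
    """Split a Host header value into (host, port-or-None), handling [IPv6]."""
    value = host_header.strip()
    if value.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[: end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after IPv6 literal")
        port = rest[1:] or None
    else:
        host, sep, port = value.partition(":")
        port = port if sep else None
    if port is not None and not port.isdigit():
        raise ValueError("non-numeric port")
    return host, port


def normalize_host(host_header):
    """Lower-case the host and drop one trailing root dot ("name." -> "name")."""
    host, _port = split_host_port(host_header)
    host = host.lower()
    if host.endswith(".") and not host.startswith("["):
        host = host[:-1]
    # Reject empty names and empty labels ("a..b", "name..", ".").
    if not host or any(label == "" for label in host.split(".")):
        raise ValueError("empty host or empty label")
    return host


def route_strict(host_header):
    """Literal comparison: a trailing dot misses every configured name."""
    host, _port = split_host_port(host_header)
    return VHOSTS.get(host, DEFAULT_SITE)


def route_normalized(host_header):
    """Comparison after normalization: "name." and "name" select the same site."""
    try:
        return VHOSTS.get(normalize_host(host_header), DEFAULT_SITE)
    except ValueError:
        return "400"
```

Any access control, cache key or log correlation keyed on the host name should use the same normalized form the router uses, so the dotted and undotted names cannot be treated as different sites.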
