Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: http://www.domainname.com./ (with the ending)

from [exon] Network Security [Permanent Link]
Subject: Re: http://www.domainname.com./ (with the ending)
Date: Thu, 14 Apr 2005 02:05:51 +0200
Fun issue. It seems to come back to haunt all the sec-lists once every six months.

This is the intended DNS lookup behaviour, and FQDN's NOT ending in a dot gets one appended before the request is sent to the DNS. Read the relevant RFC if you're curious about details.

/exon

Scovetta, Michael V wrote: 
All--

I don't think this is anything to be concerned about, but I find it
odd that some websites (looks like IIS-sites), if you go to
http://server./ (with a period appended), you usually get a "no web
site configured", or "under construction". I guess the browser
ignores the last . and finds the name in DNS, but then puts the . in
the Host header. It looks like Apache ignores the . in the host
header, so you go wind up seeing http://server/'s content even though
the URL says http://server./

For instance: http://www.google.com./ Normal Google page http://www.easyasphosting.com./ 400 - bad request http://www.iviewstudio.com./ 404 - File Not Found (or "No web site
is configured at this address")

I'd assume that if you have multiple hosts configured, then the .
throws it off.

It also looks like Firefox and IE both handle it the same way.

Sorry if this is a re-post-- I've never heard of this before, it just
struck me as odd, and thought I should throw it out there.


Regards,

Michael Scovetta Computer Associates Senior Application Developer






[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: http://www.domainname.com./ (with the ending), Wall, Kevin
Next by Date:  Re: http://www.domainname.com./ (with the ending), Robert Hajime Lanning
Previous by Thread:  http://www.domainname.com./ (with the ending), Scovetta, Michael V
Next by Thread:  Re: http://www.domainname.com./ (with the ending), Robert Hajime Lanning
Indexes:  [Date] [Thread] [Top] [All Lists]