[thelist] 404 a Whole Sub-Domain

Ken Schaefer Ken at adOpenStatic.com
Sat Sep 1 06:35:49 CDT 2007


Whilst being paranoid is a good thing, I don't see how (1) affects your situation.

Whilst IP addresses can be spoofed, the sending of a packet with a spoofed IP address will never get a response from your server (because the server will send the response back to the spoofed source IP, not the sender's actual IP address). So what use is a spoofed IP address? It can be used to send a one-packet payload that might compromise your server, or it can be used to cause a DoS attack by opening TCP connections that the server isn't going to timeout quickly enough, or if the attacker can also hack routers, they may be able to have a response routed back to them (not usually an issue on the public internet).

Cheers
Ken

-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jon Molesa
Sent: Thursday, 30 August 2007 10:56 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] 404 a Whole Sub-Domain

Answer

1) Because IP's can be and are spoofed.

or

2) Because I'm paranoid. :-)

Basically the parking page confirms that a site exists at that address
even though I have

deny all

in .htaccess.  The welcome.conf on Redhat is has priority over .htaccess
for no default index.  I want to override that.

*On Wed, Aug 29, 2007 at 04:40:59PM -0700 Brady Mitchell <mydarb at gmail.com> wrote:

> Date: Wed, 29 Aug 2007 16:40:59 -0700
> From: "Brady Mitchell" <mydarb at gmail.com>
> To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
> Subject: Re: [thelist] 404 a Whole Sub-Domain
>
> > I'm looking for a way to 404 a whole sub-domain.
> >
> > I'm setting up a webservice on the sub-domain for internal use.  I've
> > got traffic deny except for a particular IP in .htaccess.  I have a
> > default page setup in /etc/http/conf.d/welcome.conf as a parking page.
> > I either need to overide that, or just create an index.html that spits
> > out 404 headers.
>
> I must not be understanding the problem properly. If you're denying
> access to all but the one IP address that you want to have access to
> this system, why do you need the additional 404?
>
> Brady
> --
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !

--
Jon Molesa
rjmolesa at consoltec.net
if you're bored or curious
http://rjmolesa.com
--

* * Please support the community that supports you.  * *
http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !



More information about the thelist mailing list