|
|
|
|
|
|
by JdeBP
316 days ago
|
|
|
Using the IP address is a tricky one for something that is supposed to be Internet facing in the 2020s. In the modern world, one common probe performed by attackers is to see whether a site responds with its own IP address in the Host: header, or the address-to-name lookup result of the IP address in the DNS, or the well-known defaults of some WWW servers. What they're relying upon, of course, is people/softwares allowing IP addresses and the reverse lookup domain names, but forgetting to install security controls for those as virtual hosts. Or, equally as bad, the fallback if no Host: header is supplied being a private/internal WWW site of some kind. |
|
|