A web server might be host to multiple sites, and the Host: header
on the request allows the client to specify which one he wants. I
expect single-site servers just ignore it, and in any case it's not
relevant to the request since directory traversal attempts to break
out of the site to the host machine.

David Gillett

> -----Original Message-----
> From: sgt_b [mailto:sgt_b2002 (at) yahoo (dot) com [email concealed]]
> Sent: July 14, 2003 10:36
> To: incidents (at) securityfocus (dot) com [email concealed]
> Subject: www.google.com reference in directory-traversal attack
>
>
>
>
> I've included a link to a tcpdump taken that shows a standard
> IIS directory-traversal attack. I was looking over the
> packets and noticed a reference to www.google.com. Could
> someone take a look, and let me know what this is being used
> for? http://12.208.102.165/attack3.dump atack3.dump=1.6kb Thanks!
>
> --------------------------------------------------------------
> --------------
> Attend the Black Hat Briefings & Training, July 28 - 31 in
> Las Vegas, the
> world's premier technical IT security event! 10 tracks, 15
> training sessions,
> 1,800 delegates from 30 nations including all of the top
> experts, from CSO's to
> "underground" security specialists. See for yourself what
> the buzz is about!
> Early-bird registration ends July 3. This event will sell
> out. www.blackhat.com
> --------------------------------------------------------------
> --------------
>

------------------------------------------------------------------------
----
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
------------------------------------------------------------------------
----

[ reply ]