Security Basics mailing list archives

RE: Spyware blocking with HOSTS file on DNS server


From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 03 Feb 2005 14:20:48 +0000

On Tue, 2005-02-01 at 10:18 -0800, Dan Lynch wrote:
<snip>
Another lister mentioned a report that someone "toasted her proxy
server by using 127.0.0.1". What happens at the IP layer when the proxy
attempts dozens (or hundreds) of connections to a non-existent listener
on the loopback? What if a listener *does* exist? 

For example, in our environment, browsers are configured to connect to
the proxy on port 1500. The proxy then initiates the outbound connection
to the destination web server, generally on port 80. If the web server
name resolves to loopback, we have the proxy attempting to connect to
itself on port 80. Do we wait for TCP timeout? What if our proxy *were*
listening on port 80? Would a 404 NOT FOUND result? Would the behavior
be different if DNS instead resolved the end point to 0.0.0.0?

Surely your clients' machines are configured NOT to use the proxy for
local addresses, which would include your local range and the loopback
range. This would mean that if the client resolved an address as
127.0.0.1 it wouldn't attempt to pass through the proxy to hit this
address, therefore your proxy wouldn't have any internal load or
listener issues.

If your clients are not configured as such (which is the default in IE
and FF) then you should think about changing that at least for loopback
if not for your local IP range too.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
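The bypass Barrie recommends is usually expressed as a PAC (proxy auto-config) file. The block below is an added example, not code from the thread or from either poster: a PAC-style FindProxyForURL() that sends loopback, 0.0.0.0 and RFC 1918 destinations DIRECT and everything else through the proxy on port 1500 as in Dan's environment. In a browser, dnsResolve() and isInNet() are supplied by the PAC engine and dnsResolve() consults the client's HOSTS file and DNS; here both are stand-ins so the code runs under Node. The proxy name proxy.example.net and the HOSTS map (ad/spyware names pointed at 127.0.0.1 and 0.0.0.0, a TEST-NET address for a normal site) are constructed for the example.

```javascript
// Added example, not from the original thread. Stand-ins for the PAC
// engine's dnsResolve()/isInNet() so the logic can be exercised offline.

// Constructed HOSTS-file-style map: blocked names point at loopback or
// 0.0.0.0, an intranet host sits in 10/8, and a normal site uses a
// TEST-NET (RFC 5737) address.
const HOSTS = {
  "ads.example.invalid": "127.0.0.1",
  "tracker.example.invalid": "0.0.0.0",
  "intranet.example.invalid": "10.1.2.3",
  "www.example.com": "203.0.113.10",
};

// Stand-in for the browser-provided dnsResolve(): returns the IPv4 literal
// unchanged, the HOSTS entry if present, otherwise null (unresolvable).
function dnsResolve(host) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return host;
  return Object.prototype.hasOwnProperty.call(HOSTS, host) ? HOSTS[host] : null;
}

// Dotted-quad IPv4 to unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => (acc << 8) + parseInt(o, 10), 0) >>> 0;
}

// Same semantics as the PAC helper isInNet(ip, net, mask).
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return (ipToInt(ip) & m) === (ipToInt(net) & m);
}

const PROXY = "PROXY proxy.example.net:1500"; // constructed proxy name, port from the thread

// Destinations that must never be handed to the proxy.
const BYPASS = [
  ["127.0.0.0", "255.0.0.0"],        // loopback
  ["0.0.0.0", "255.255.255.255"],    // unspecified address
  ["10.0.0.0", "255.0.0.0"],         // RFC 1918 local ranges
  ["172.16.0.0", "255.240.0.0"],
  ["192.168.0.0", "255.255.0.0"],
];

// PAC entry point: returns "DIRECT" or a "PROXY host:port" directive.
function FindProxyForURL(url, host) {
  if (host.indexOf(".") === -1) return "DIRECT"; // plain (unqualified) hostname
  const ip = dnsResolve(host);
  if (ip === null) return PROXY; // unknown name: let the proxy resolve it
  for (const [net, mask] of BYPASS) {
    if (isInNet(ip, net, mask)) return "DIRECT";
  }
  return PROXY;
}
```

With this in place a name that the DNS server or HOSTS file has pointed at 127.0.0.1 or 0.0.0.0 fails on the client itself (connection refused, or nothing listening) and never reaches the proxy. Note that resolving every host inside the PAC costs the client a DNS lookup per request; if that is a concern, the bypass for loopback and the local ranges can instead be listed in the browser's proxy-exception setting, which is the configuration Barrie describes.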

