[LWN Logo]

Date:	Mon, 25 Jan 1999 16:25:40 -0500
From:	bandregg@REDHAT.COM
Subject:      Using Example Domain Names in Exploits
To:	BUGTRAQ@NETSPACE.ORG

On Sun, 24 Jan 1999 20:23:40 -0500, "Tabor J. Wells" wrote:
>On Fri, Jan 22, 1999 at 08:58:33PM -0000,
>mnemonix <mnemonix@GLOBALNET.CO.UK> is thought to have said:
>
>> In all versions of IIS, where a  website has been configured to interpret
>> perl scripts using the perl executable (perl.exe), a problem exists where a
>> request for a non-existent file will return the physical location on a disk
>> of a web directory. A request for:
>>
>> http://www.server.com/scripts/no-such-file.pl
>
>I really wish people wouldn't do this. www.server.com is a legitimate
>site (it's hosted on my network) and they certainly don't run IIS.

The domains example.com, example.org, and example.net have all been reserved
by IANA and NIC for just this purpose. Use them.
--
                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

    "Gee, I'm glad you're around to tell me the almighty-truth[tm]."
                        -- Patrick J. Volkerding