North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ARIN Policy on IP-based Web Hosting

  • From: Sabri Berisha
  • Date: Fri Sep 01 23:31:25 2000

On Tue, 29 Aug 2000, Roland Dobbins wrote:

> The SSL issue is a real one, and I don't know how to get around it.  

It's not the only one.

I happen to work for a hosting isp and we have had many discussions on
this one. None of my collegues have been able to give me the solution to
the following issue:

As we all know, cname hosting is based on the same IP. Using the IP of a
site could be a form of securitychecking. Let me explain: 

Imagine we have a site on with the IP

Now we have a customer that wants to put sensitive information on

This information would me far more secure if the customer would link to instead of
Why? It's simple; imagine some lamer writing a trojan that would change
your /etc/hosts or C:\windows\hosts files... 

It happened to a bank in The Netherlands about 2 years ago (published in
the magazine Computer Idee for the dutch readers).

I think cname hosting will be unavoidable (is that correct english?) in
the next few months but every hosting company should be given enough IP's
to offer ip-based hosting too, even if it's nog going to be the standard

And then we are not even talking about those nice PTR records for a host
which (I admit) are purely cosmetic but I think it will be a way of being
"cool" if you have a PTR for your A when cname hosting get's The Usual Way
of business.

Sabri Berisha   `~*-[vuurwerk internet]
		Linux / FreeBSD Scriptkiddo
	      my personal opinion yadda yadda