On Fri, May 28, 2010 at 08:38:57AM -0700, Nate Eldredge wrote:
> On Fri, 28 May 2010, dm@xxxxxxxxxxxxxxxxx wrote:
>
> >And this is the sort of thing that would be appropriate:
> >- www.example.com (this is really the best way to go)
>
> Except that www.example.com, while reserved according to RFC 2606,
> actually resolves to a host with a web server (running, interestingly,
> Apache 2.2.3 from circa 2006), which gives you a page telling you about
> RFC 2606. It appears to be run by the IANA. So it might be polite not to
> use this, so as not to attack the IANA by mistake.
>
> Better would be the reserved TLDs from RFC 2606, which AFAIK should never
> resolve at all: *.test, *.example, and *.invalid. Unfortunately,
> "www.foo.example" is less obviously a host name compared to
> "www.example.com".
>
> >- Some other place-holder that is not a valid domain such as <victim>,
> >etc.
>
> That works too.
>
> --

Okay, agreed. Let us not abuse IANA's poor little Apache 2.2.3 server.

So, to sum up, these guys are good for exploit/PoC examples:

1. Place-holder such as <victim>.
2. Reserved TLDs from RFC 2606 such as *.test, *.example, and *.invalid.

--
Dave McKinney
Symantec keyID: E461AE4E
key fingerprint = F1FC 9073 09FA F0C7 500D D7EB E985 FAF3 E461 AE4E
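The policy the thread settles on (angle-bracket placeholders and RFC 2606 reserved TLDs are fine, www.example.com should be avoided because it resolves to IANA's server) is easy to turn into a lint check that runs over an advisory or PoC text before it is published. The following is an added example, not code from the thread or from any list member; the function names, the host-name regex and the sample advisory text are all constructed here for illustration.

```python
"""Lint advisory / PoC text for host names that may point at a real system.

Added example, not from the mailing-list thread. Policy assumed (from the
thread): <placeholder> tokens and names under the RFC 2606 TLDs .test,
.example and .invalid are acceptable; anything else that looks like a host
name, www.example.com included, is reported so it can be replaced.
"""
import re

# RFC 2606 section 2: TLDs that should never resolve.
RESERVED_TLDS = {"test", "example", "invalid"}

# Angle-bracket placeholders such as <victim> or <target-host>.
PLACEHOLDER_RE = re.compile(r"^<[A-Za-z][A-Za-z0-9_-]*>$")

# Something that looks like a DNS host name: dotted labels ending in an
# alphabetic TLD (so version strings like 2.2.3 are not matched).
HOSTNAME_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def classify(name: str) -> str:
    """Return 'placeholder', 'reserved' or 'resolvable' for one token."""
    if PLACEHOLDER_RE.match(name):
        return "placeholder"
    tld = name.lower().rstrip(".").rsplit(".", 1)[-1]
    if tld in RESERVED_TLDS:
        return "reserved"
    # Everything else, including example.com, which resolves to IANA's host.
    return "resolvable"


def find_risky_hosts(text: str) -> list:
    """Host names in text that are neither placeholders nor RFC 2606-reserved.

    Order of first appearance is kept and duplicates are dropped.
    """
    seen = []
    for match in HOSTNAME_RE.finditer(text):
        host = match.group(0)
        if classify(host) == "resolvable" and host not in seen:
            seen.append(host)
    return seen


# Constructed sample advisory text (hypothetical hosts; not from the thread).
SAMPLE_ADVISORY = """\
Target: <victim> running the vulnerable service on port 8080
Host header used in the request: www.example.com
Second host in the PoC: www.foo.example
Lookup name: host.target.test
Copied from an internal ticket by mistake: mail.corp-internal.net
"""

if __name__ == "__main__":
    for host in find_risky_hosts(SAMPLE_ADVISORY):
        print("replace before publishing:", host)
```

Run as a script it lists www.example.com and mail.corp-internal.net; the <victim> token and the .example and .test names pass. A real pre-publication check would also want to exclude file names and paths (the regex above would match "vuln.cgi"), and could be extended with RFC 2606's example.net/example.org and .localhost, which this example leaves out to stay with the names the thread discusses.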