  • Avatar

    You posted this before.  Would you know what happened to the earlier post?

    "a number of varying factors (such as HTTP referer header, source IP address/range/network, user-agent header, etc.)"

    That's a lot of activity per domain tagging transaction.  OpenDNS may have to upgrade their servers, not to speak about software development.

    "methods which allow for identification of the original URI complete with the original HTTP headers"

    There's nothing "original", because such pages (URIs and HTTP headers) are typically dynamically generated during "run time", e.g. when being visited.  So "original" is more than just relative.

    "Now that the reviewer has the complete URI available, they can more accurately categorize the domain."

    Can (s)he?  If there is a domain presenting news and another presenting chat, shall both be tagged as news and chat then just because they are hosted at the same IP address, or how do I have to understand this?  Or should they all be tagged as Adware, because a third domain behind the same IP address is hosting adware?

  • Avatar

    The HTTP headers I'm referring to are the browser headers.  As these are client-side headers, they can be manipulated as desired.  This can be inferred by my reference to the OpenDNS browser plug-in.  The context in which I mention "original" is referring to the fully qualified location of a given resource.  In other words the "original URI" would be the entire location in your browser address bar, such as

    Hopefully you can now begin to see that if OpenDNS is providing a link to then the reviewer has no visibility to the URI, especially when a link isn't made available on the default web page.

    Having the ability to report the actual URI, which contains content which may affect categorization, would be very useful.  VirusTotal just so happens to keep track of many of these locations for us, so there are more URIs to verify when deciding on proper categorization.

    URI (in the context in which I present it) is the combination of a uniform resource locator (URL) and uniform resource name (URN).

    If you actually look at the report, you'll see many URIs, which consist of the fully qualified domain name (FQDN), so categorization can be based on domain name.

    While it's true virtual hosts exist which host unrelated parties/content and share the same IP address, it's only true a host and all associated domains can be controlled by one or more related parties for a categorial purpose.

    All that said, if you were an OpenDNS employee and could effectuate implementation of this solution I might just spend more time educating you on the technical specifics.

  • Avatar

    "it's only true" intended as "it's also true"

