Home > Others

Loop Back Check

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Today, I encountered a problem where I encountered http 401.1 when modifying the host file to access the local machine.

 

After investigation, it is found that the reason for the configuration is called loop back check.

 

What is loop back check?

This configuration is used to prevent reflection attack. After this configuration takes effect, NTLM authentication will fail if you use FQDN or custom host header (which does not match the machine name.

 

So what is reflection attack?

The main idea of this attack is to use trick to give the attacked machine the answer to attacker's own challenge.

 

The process is as follows:

  1. The attacker initiates a connection to a target.
  2. The target attempts to authenticate the attacker by sending it a challenge.
  3. The attacker opens another connection to the target, and sends the target this challenge as its own.
  4. The target responds to the challenge.
  5. The attacker sends that response back to the target on the original connection.

 

References:

Reflection attack

Http://en.wikipedia.org/wiki/Reflection_attack

You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version

Http://support.microsoft.com/kb/896861

What is loopback check?

Http://www.cnblogs.com/awpatp/archive/2010/03/11/1683672.html

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More