Re: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices

From: Petko Petkov (ppetkov_at_gnucitizen.org)
Date: 07/25/05

  • Next message: list_at_rem0te.com: "[Full-disclosure] ClamAV Multiple Rem0te Buffer Overflows"
    Date: Mon, 25 Jul 2005 09:34:17 +0100
    To: Bojan.Zdrnja@LSS.hr, bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
     
    Bojan Zdrnja wrote:

    >
    >
    >> -----Original Message----- From:
    >> full-disclosure-bounces@lists.grok.org.uk
    >> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of
    >> Morning Wood Sent: Wednesday, 20 July 2005 5:02 a.m. To: Petko
    >> Petkov; bugtraq@securityfocus.com Cc:
    >> full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure]
    >> Anonymous Web Attacks via DedicatedMobileServices
    >>
    >> google's language translation also does this..
    >> http://ipchicken.com
    >> http://translate.google.com/translate?u=http://ipchicken.com
    >
    >
    > Regarding Google - yes, if you log only connections. However, when
    > you use translate.google.com service, Google will add a new header
    > in the HTTP request:
    >
    > X-Forwarded-For: <IP address>
    >
    > All proxy servers should add this header, even in the case of
    > multiple proxying, in which case all IP addresses should be listed
    > under this header.
    >
    > For Apache, there is even a mod_extract_forwarded module which
    > should change the connection so it looks like it's coming from the
    > IP behind the proxy server.
    >
    >
    > I don't see any special risk with this, even for mobile devices
    > (mentioned in the original post) -- a proxy just does it's job, no
    > matter which proxy it is. If Google keeps logs, even if you don't
    > save X-Forwarded-For header and parse them, you can find out who
    > visited the web page, if it goes to investigation.
    >
    > Cheers,
    >
    > Bojan
    >
    > _______________________________________________ Full-Disclosure -
    > We believe in it. Charter:
    > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
    > sponsored by Secunia - http://secunia.com/
    >
    >
    >
    Hi Bojan,

    You are completely right that proxy servers do their job and it is
    easy to trace back the intruder if this is the case. And you are right
    that proxy servers have their own configuration files and log files.

    Regarding Google ? no, Google is too big. If you compromise a server
    in Romania I doubt that Google Inc. will be very helpful in this case.
    Google has massive amount of log files that needs to be processed and
    examined. Don?t get me wrong; I believe that Google has the power to
    find your intruder.

    The question is if everybody start hacking with WMLProxy, how
    responsive Google would be?

    On the other hand, it is very likely to see Web Attacks executed from
    Simple Mobile Phones that have WAP enabled. Now, this is my concern.
    An attacker can spend around 40 for cheap WAP device plus SIM. I
    believe that it is a reasonable price for not going in jail.

    X-Forwarded-For is a nice feature. I love it. Some people are not even
    aware of it. But, in reality, it doesn?t works always the way we want it.

    All the best,

    Petko

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
     
    iD8DBQFC5KQEFf/6vxAyUpgRAt3aAKCDt0tTgo1JZm0psben+MTkzcTpqQCgpsbV
    L/DE/w+pmoVlWYrmFZ0V0wk=
    =JCur
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: list_at_rem0te.com: "[Full-disclosure] ClamAV Multiple Rem0te Buffer Overflows"

    Relevant Pages

    • Re: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
      ... Bojan Zdrnja wrote: ... > Regarding Google - yes, ... You are completely right that proxy servers do their job and it is ... it is very likely to see Web Attacks executed from ...
      (Bugtraq)
    • Re: Possible greater access to Google Books
      ... Still apparently the 140 years ...why not standard copyright times? ... Oh well just as well we have proxy servers to get around Googles ridiculous ... to books published less than four score and seven years ago, ... Google has now reached an agreement to make some of these ...
      (soc.genealogy.medieval)
    • Re: Adsense ip identification
      ... This depends on the proxy servers settings. ... several thousand people making internet connections. ... I do hate Google for this, because google forces me to use cookies, ...
      (comp.lang.php)
    • Re: Audio feed
      ... drivels. ... Try the BBC and Eurosport and if you can't get the BBC feed do a search ... on google for UK proxy servers. ...
      (rec.sport.soccer)