RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices

From: Bojan Zdrnja (Bojan.Zdrnja_at_LSS.hr)
Date: 07/24/05

  • Next message: b0fnet_at_yahoo.com: "Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability" 
    To: <bugtraq@securityfocus.com>
Date: Sun, 24 Jul 2005 10:46:49 +1200

     

    > -----Original Message-----
    > From: full-disclosure-bounces@lists.grok.org.uk
    > [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf
    > Of Morning Wood
    > Sent: Wednesday, 20 July 2005 5:02 a.m.
    > To: Petko Petkov; bugtraq@securityfocus.com
    > Cc: full-disclosure@lists.grok.org.uk
    > Subject: Re: [Full-disclosure] Anonymous Web Attacks via
    > DedicatedMobileServices
    >
    > google's language translation also does this..
    > http://ipchicken.com
    > http://translate.google.com/translate?u=http://ipchicken.com

    Regarding Google - yes, if you log only connections.
    However, when you use translate.google.com service, Google will add a new
    header in the HTTP request:

    X-Forwarded-For: <IP address>

    All proxy servers should add this header, even in the case of multiple
    proxying, in which case all IP addresses should be listed under this header.

    For Apache, there is even a mod_extract_forwarded module which should change
    the connection so it looks like it's coming from the IP behind the proxy
    server.

    I don't see any special risk with this, even for mobile devices (mentioned
    in the original post) -- a proxy just does it's job, no matter which proxy
    it is. If Google keeps logs, even if you don't save X-Forwarded-For header
    and parse them, you can find out who visited the web page, if it goes to
    investigation.

    Cheers,

    Bojan

  • Next message: b0fnet_at_yahoo.com: "Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability"

    Relevant Pages

    • RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
      ... Regarding Google - yes, if you log only connections. ... All proxy servers should add this header, even in the case of multiple ...
      (Full-Disclosure)
    • Re: X-No-Archive, here we go again ;-)
      ... Only google expires them in a week. ... We all know Google Groups ... Google will honor this header. ... Before 1992, and at my university, posts never expired until disk space ...
      (news.software.readers)
    • Re: Search Engine Indexing of Dynamic Sites
      ... I have two sites where Google has indexed 8,600 and 14,000 pages respectively, so far this month. ... > really blame my host for limiting sql server to 100 connections. ... >> Jon, ... >> Also most search engine seem to have no problem index the follow type ...
      (microsoft.public.frontpage.client)
    • Re: Vista Hacked
      ... other words what confirmation do you have that the original install was ... Probably the best solution for a firewall is to use a router, ... Either should show active connections, many of which will be your machine ... If you have Google toolbar or update manager installed then random ...
      (microsoft.public.windows.vista.performance_maintenance)
    • Re: X-No-archive considered harmful
      ... If Google didn't heed that header or have some other opt-out ... Their archive includes posts that predate Deja, ... Perhaps the earth was just reacting ...
      (sci.math)