RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices

From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 07/30/05

    Date: Sat, 30 Jul 2005 10:04:58 +0300 (IDT)
    To: Bojan Zdrnja <Bojan.Zdrnja@LSS.hr>
    
    

    On Sun, 24 Jul 2005, Bojan Zdrnja wrote:
    > Regarding Google - yes, if you log only connections.
    > However, when you use translate.google.com service, Google will add a new
    > header in the HTTP request:
    >
    > X-Forwarded-For: <IP address>
    >
    > All proxy servers should add this header, even in the case of multiple
    > proxying, in which case all IP addresses should be listed under this header.
    >
    > For Apache, there is even a mod_extract_forwarded module which should change
    > the connection so it looks like it's coming from the IP behind the proxy
    > server.
    >

    If you do assume that x-forwarded-for is always genuine then you will
    have problems when somebody with direct connection adds
    x-forwarded-for to confuse you (this is very similar to email
    headers).

    BTW: I'm not sure that it is that important for real attackers -- most
    of them are likely to use owned hosts anyway.

    -- 
    Regards,
    ASK
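The trust rule implied by both posts, as an added example that is not part of this thread or of mod_extract_forwarded: consult X-Forwarded-For only when the TCP peer is one of your own proxies, then walk the list from the right and stop at the first address you did not append yourself. Anything a direct client writes into the header sits to the left of that point and is never used. The proxy range and the sample requests below are constructed (documentation addresses), not values from the thread.

```python
import ipaddress
from typing import Optional, Sequence

# Constructed: the reverse proxies we operate and therefore trust to append
# X-Forwarded-For honestly. Real deployments list their own proxy addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _parse(addr: str):
    """Return an ip_address object, or None if the string is not an IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _is_trusted(addr: str, trusted: Sequence[ipaddress.IPv4Network]) -> bool:
    ip = _parse(addr)
    return ip is not None and any(ip in net for net in trusted)


def client_ip(remote_addr: str, xff: Optional[str],
              trusted: Sequence[ipaddress.IPv4Network] = TRUSTED_PROXIES) -> str:
    """Address to attribute the request to.

    remote_addr: peer of the TCP connection as reported by the socket.
    xff:         raw X-Forwarded-For value, or None when absent.

    If the peer is not one of our proxies, the header is attacker-controlled
    (the 'direct connection adds x-forwarded-for' case) and is ignored.
    Otherwise each trusted proxy appended exactly one address on the right,
    so the rightmost non-trusted entry is the peer our outermost proxy saw.
    Entries further left were supplied by someone else and are not trusted.
    """
    if not _is_trusted(remote_addr, trusted):
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted(hop, trusted):
            continue            # one of ours; keep walking left
        if _parse(hop) is None:
            break               # malformed entry: do not log attacker text
        return hop
    # Header empty or entirely our own proxies: fall back to the socket peer.
    return remote_addr


if __name__ == "__main__":
    # Direct client forging the header: ignored, socket peer is used.
    print(client_ip("192.0.2.9", "10.0.0.1"))                 # 192.0.2.9
    # Client behind our proxy, but with a forged entry prepended: forged
    # value is to the left of the proxy-appended one and is discarded.
    print(client_ip("203.0.113.5", "1.2.3.4, 192.0.2.9"))     # 192.0.2.9
    # Two-proxy chain where only the second hop is ours: we can only
    # vouch for the external proxy's address, so that is what we return.
    print(client_ip("203.0.113.5", "198.51.100.7, 192.0.2.9"))  # 192.0.2.9
```

The important design choice is the right-to-left walk: with multiple proxying, only the entries appended by proxies you control are verifiable, so the first untrusted address from the right is the most you can attribute. Configuring the trusted set too widely (for example, any RFC 1918 range) reintroduces the forgery problem the reply describes.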
    
