Re: IIS 5.0 with Integrated Window Authentication

From: Dave Aitel (
Date: 11/07/02

Date: Thu, 7 Nov 2002 14:35:23 -0500
From: Dave Aitel <>
To: Sebastian Flothow <>

Hmm. My basterdized SPIKE Proxy NTLM auth does, in fact, work through
the proxy though.

Client->SPIKE Proxy->Server

Where Client is sending Proxy-Authorization, and SPIKE Proxy is
translating that into Authorization: and sending it to the server and so
on. I get access on IIS 5.0, at least.


On Wed, 6 Nov 2002 23:27:54 +0100
Sebastian Flothow <> wrote:

> > The goofy three-message exchange that sets up the NTLM security
> > doesn't seem to make it through the proxy,
> AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems it
> includes the client's IP address, which then doesn't match that of the
> proxy (which is the client from the server's point of view), or
> something similar.
> Sebastian
> --
> Sebastian Flothow
> #include <stddisclaimer.h>

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see: