F5 and similar

From: pen test (pentestlist_at_hotmail.com)
Date: 08/27/03

Next message: Marc W.: "Re: F5 and similar"

Previous message: Abe Usher: "towards a taxonomy of Information Assurance (IA)"
Next in thread: Marc W.: "Re: F5 and similar"
Reply: Marc W.: "Re: F5 and similar"
Reply: Joao Gouveia: "Re: F5 and similar"
Reply: Paul R: "Re: F5 and similar"
Reply: Gareth Bromley: "Re: F5 and similar"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pen-test@securityfocus.com
Date: Wed, 27 Aug 2003 01:55:55 +0000

Recently I started a pen test of a network and the company is using a F5
BigIP for load balancing and ssl acceleration. I looked and looked and
could not find any information to answer a few questions. Any help would be
great.

Does the BigIp handle all requests and stay between the client and server or
does it just simply redirect to the server?

Bascially what I am getting at is if the the BigIp is between the client and
application server

client ---ssl--- bigip ---http--- application server

is the the application server safe from attacks that may affect it as the
bigip will actually be on the one that is attacked?

Thanks

_________________________________________________________________
Get MSN 8 and enjoy automatic e-mail virus protection.
http://join.msn.com/?page=features/virus

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------

Next message: Marc W.: "Re: F5 and similar"

Previous message: Abe Usher: "towards a taxonomy of Information Assurance (IA)"
Next in thread: Marc W.: "Re: F5 and similar"
Reply: Marc W.: "Re: F5 and similar"
Reply: Joao Gouveia: "Re: F5 and similar"
Reply: Paul R: "Re: F5 and similar"
Reply: Gareth Bromley: "Re: F5 and similar"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: F5 and similar
... Seeing that we are on the BigIP topic. ... >> does it just simply redirect to the server? ... > of the server, however the L3-7 attacks will then pass, unless suitable ... > contain network/application security features found in other products, ...
(Pen-Test)
Re: F5 and similar
... > BigIP for load balancing and ssl acceleration. ... > Does the BigIp handle all requests and stay between the client and server ... Fast, reliable vulnerability assessment ... > technology powered by the award-winning FoundScan engine. ...
(Pen-Test)
Re: F5 and similar
... If they are using the SSL-Accelerator (which is a seperate box than ... > BigIP for load balancing and ssl acceleration. ... > does it just simply redirect to the server? ... > is the the application server safe from attacks that may affect it as the ...
(Pen-Test)
Re: F5 and similar
... > BigIP for load balancing and ssl acceleration. ... > does it just simply redirect to the server? ... destination ports, rules, etc.. ... BigIp, not the app server), but not from attacks directed to the mapped ...
(Pen-Test)
Re: F5 and similar
... > Does the BigIp handle all requests and stay between the client and server or ... > does it just simply redirect to the server? ... your looking at L2 then the F5 will be the victim of L2 style attacks instead ...
(Pen-Test)