Re: F5 and similar

From: Marc W. (marc_at_packetfilter.org)
Date: 08/27/03

    To: pen-test@securityfocus.com
    Date: 27 Aug 2003 01:59:37 -0400
    
    
    

    If they are using the SSL-Accelerator (which is a separate box from
    their load-balancer AFAIK) then yes, any 443 probes you launch will be
    hitting the F5 box, not the webservers. Your diagram is correct -- The
    SSL-Accelerator will be handling the actual encrypted sessions and
    forwarding them into the intranet unencrypted to their http servers.
    The F5 box does all the SSL-side traffic.

    Marc W.
    On Tue, 2003-08-26 at 21:55, pen test wrote:
    > Recently I started a pen test of a network and the company is using an F5
    > BigIP for load balancing and ssl acceleration. I looked and looked and
    > could not find any information to answer a few questions. Any help would be
    > great.
    >
    > Does the BigIp handle all requests and stay between the client and server or
    > does it just simply redirect to the server?
    >
    > Basically what I am getting at is if the BigIp is between the client and
    > application server
    >
    > client ---ssl--- bigip ---http--- application server
    >
    > is the application server safe from attacks that may affect it as the
    > bigip will actually be the one that is attacked?
    >
    > Thanks