Re: F5 and similar
From: jatkinson (jatkinson_at_zelvin.com)
Date: 08/28/03
- Previous message: Fernando Cardoso: "RE: F5 and similar"
- In reply to: Gareth Bromley: "Re: F5 and similar"
- Next in thread: Luis Cerdas: "Re: F5 and similar"
To: "Gareth Bromley" <gbromley@intstar.com>, "pen test" <pentestlist@hotmail.com>
Date: Thu, 28 Aug 2003 00:56:59 -0400
Hello all,
Seeing that we are on the BigIP topic, I was wondering if anyone has seen
any issues in performance when nmapping (-sS) the virtual IP address of the
BigIP from the same subnet?
thanks for your time,
JAtkinson
----- Original Message -----
From: "Gareth Bromley" <gbromley@intstar.com>
To: "pen test" <pentestlist@hotmail.com>
Cc: <pen-test@securityfocus.com>
Sent: Wednesday, August 27, 2003 9:56 AM
Subject: Re: F5 and similar
> On Wed, 27 Aug 2003, pen test wrote:
> > Does the BigIp handle all requests and stay between the client and
> > server or does it just simply redirect to the server?
> > Basically what I am getting at is if the BigIp is between the client
> > and application server
> > client ---ssl--- bigip ---http--- application server
> Depends on how the F5 (or any load balancer) has been setup.
>
> Most products support a number of modes, and at their basic either sit in
> front of the server for requests and replies or alongside it for
> requests and see none of the replies (Direct Server return, nFlow? in F5
> terms) either at Layer 2 or Layer 3 depending on configuration.
>
> > Is the application server safe from attacks that may affect it, as the
> > bigip will actually be the one that is attacked?
> Well that has to depend on what level you are inspecting/looking at. If
> you're looking at L2 then the F5 will be the victim of L2 style attacks
> instead of the server, however the L3-7 attacks will then pass, unless
> suitable network/application inspection/filtering is carried out. Of course
> if you've activated the L7 intelligence and are filtering at that level and
> use some of the L3-4 DoS protection mechanisms that F5 provides, you have
> a partially protected server farm. Of course, you need to ask what L7
> attack intelligence is built into the F5 product to detect against Web
> attacks injected into SSL, from my experience none, so another product is
> required i.e. IDS, Application Aware product (Sanctum, KaVaDo, Whale
> e-Gap, Spearheads AirGap, etc.)
>
> However, the F5 and other LBs are NOT security products and thus don't
> contain network/application security features found in other products,
> instead these products cover the Availability of the CIA security trilogy.
>
> Hope this helps
>
> Gareth
>
>