[Ticket#2006062710000052] Load balancer shows up on Hotmail & MSN entries





Hello

Starting in late May/06, I was using the feature "What is that site
running?" when I noticed that certain Microsoft servers, when queried,
indicated the operating system they were running was F5 Big-IP. I had never
heard of this operating system before and did some research. I found out that
F5 Big-IP was actually a load balancer on certain Hotmail and MSN servers,
mostly associated with the gaming zones and even a zone for the UK. Further
down in this email, I will include the direct link on the Netcraft site that I
am mentioning. I will also include a list in this email of all instances that
I see the F5 Big-IP load balancer used. For the record, I would also like to
point out that I did inform Microsoft, specifically the Security Research
Centre as well as the MSN Product Group regarding the fact that on certain
servers and services, the load balancer was identified to the outside world
and I felt it may be a security risk. The Security Research Centre did not
consider it much of anything and the MSN Product Group would not touch the
issue because I had informed the Security Research Centre first. If this load
balancer is not supposed to be showing, I would recommend, if at all possible,
the information presented to users when they query this range of servers so
that a malicious element may not use this information to perhaps do harm to a
network. In the list shown below, I have only shown the list of servers with
the F5 Big-IP entries. Here is the link where I obtained the full list:


Please note that we determine the operating system using the TCP/IP
characteristics of the host in question. We cannot see how there is any
greater security risk of identifying the operating system of a load
balancer than there is of identifying the operating system of a web
server. As you will see from our FAQ
(http://uptime.netcraft.com/up/accuracy.html#loadbalancers)
we identify the OS of the load balancer because it is that device which
handles the TCP requests.

Regards,

--
Dan Gardner
Netcraft
