Re: reverse proxy identification

From: R. DuFresne (dufresne@sysinfo.com)
Date: Tue Jan 16 2007 - 16:16:38 EST

• Next message: Clement Dupuis: "RE: Community Rainbow Tables downloading"
• Previous message: M.B.Jr.: "Fwd: Virtual environments security"
• In reply to: sami ghourabi: "reverse proxy identification"
• Next in thread: Olivier Meyer: "Re: reverse proxy identification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 12 Jan 2007, sami ghourabi wrote:

> I'm currently pentesting C class subnet.
> It seems that it hosts webservers, as a large number of IP @ replied OK to
> port 80 scan.
> However I dont think that for each IP adress there is a physical server, but
> perhaps a multiplexing device that also does application firewalling.
> According to nmap it may be a Blue Coat SG4.
> When I browse to the IPs with firefox, I recieve several messages "No web
> site is configured at this address." for some IP.
> Does anybody here know if this message is specific to a given reverse
> proxy/web server product ?
> Any other experiences similar to this situation are welcome.
>

Actually, it could be just about any firewall/security device in the path
that has a port 80 opened for some devices behind it and answers up front
for all devices behind it. I do not think enough info is provided here
for anyone to make that determination, and it's hard to collect and
disseminate this is the case without actually being the firewall/network
admoin for the site in question. There are clues that can lead on to make
a guess this is the setup you are facing, but not way to fully determine
this is the case, with a properly configured set of security devices up
front. Then again, could be someone opening a listener on the other IP's
in qustion that is not web oriented, your test with firefox is in itself
insuficcient to flesh that out as well.

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFrUC7st+vzJSwZikRAuauAKCX9/EKTdjq4IMWQqDR8lItOhMivgCeLV/Q
xyyy3wZzExc0bQmU9uEFABQ=
=rJ6C
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Clement Dupuis: "RE: Community Rainbow Tables downloading"
• Previous message: M.B.Jr.: "Fwd: Virtual environments security"
• In reply to: sami ghourabi: "reverse proxy identification"
• Next in thread: Olivier Meyer: "Re: reverse proxy identification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:31 EDT