RE: Reverse Proxy Pen Testing

From: Jerry Shenk (jshenk@decommunications.com)
Date: Sat Mar 26 2005 - 18:51:36 EST


I have found some proxies to be set up incorrectly when doing
pen-testing by simply configuring IE to use the public IP address as a
proxy. One in particular, I was able to use their internet proxy to
access anything on their 10... from the internet simply by pointing IE's
proxy config at the public IP address. That wasn't a "proxy problem",
it was a configuration problem but still, a pretty big problem!
...internal servers, printers, really not good!

-----Original Message-----
From: FF 647 [mailto:ff_647@yahoo.com]
Sent: Friday, March 25, 2005 7:41 PM
To: pen-test@securityfocus.com
Subject: Reverse Proxy Pen Testing

Does anyone know of a way to test a netcache to see if
it will return content from web sites on an internal
network -- intranet sites that would otherwise not be
viewable by the public? Any info would be appreciated
as we are investigating techniques to simulate
Internet based attack vectors against our reverse proxy.

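A defender-side check for the misconfiguration discussed in this thread, added here as an example and not part of either poster's message: it scans the reverse proxy's access log for forward-proxy style requests (absolute-URI or CONNECT targets) that name hosts the proxy is not meant to publish. It assumes Common Log Format; the `PUBLISHED_HOSTS` set, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hostnames the reverse proxy is meant to publish (assumed for this example).
PUBLISHED_HOSTS = {"www.example.com"}

# Common Log Format: client, identity, user, [time], "METHOD target HTTP/x.y", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def target_host(method, target):
    """Host named by a proxy-style request-target; None for a normal path request."""
    if method == "CONNECT":                 # authority-form: host:port
        return urlsplit("//" + target).hostname
    if "://" in target:                     # absolute-form: http://host/path
        return urlsplit(target).hostname
    return None                             # origin-form: /path

def is_internal(host):
    """True when the host is a literal private, loopback or link-local address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                        # a name, not an address literal
    return ip.is_private or ip.is_loopback or ip.is_link_local

def scan(lines):
    """Return (client, host, kind, served) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = target_host(m["method"], m["target"])
        if host is None or host in PUBLISHED_HOSTS:
            continue
        kind = "internal-address" if is_internal(host) else "unpublished-host"
        served = m["status"][0] in "23"     # 2xx/3xx: the proxy answered it
        findings.append((m["client"], host, kind, served))
    return findings

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Mar/2005:18:40:01 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Mar/2005:18:41:12 -0500] "GET http://10.0.0.5/ HTTP/1.1" 200 2301',
    '203.0.113.9 - - [26/Mar/2005:18:41:30 -0500] "CONNECT 192.168.1.20:443 HTTP/1.1" 403 0',
    '203.0.113.11 - - [26/Mar/2005:18:42:02 -0500] "GET http://www.example.com/news HTTP/1.1" 200 900',
    '203.0.113.12 - - [26/Mar/2005:18:43:15 -0500] "GET http://intranet.corp.example/ HTTP/1.0" 200 1200',
]
```

A finding with `served` set to True means the proxy returned content for a target it should have refused, which is the condition to alert on and fix in the proxy's access rules.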



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:18 EDT