Re: reverse proxy identification

To:	sami ghourabi <sami.ghourabi@icn.com.tn>
Subject:	Re: reverse proxy identification
From:	Javier Fernández-Sanguino <jfernandez@germinus.com>
Date:	Fri, 19 Jan 2007 13:47:49 +0100
Cc:	pen-test@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
In-reply-to:	<45A77155.4080505@icn.com.tn>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Organization:	Germinus XXI
References:	<45A77155.4080505@icn.com.tn>
Resent-date:	Fri, 19 Jan 2007 10:57:04 -0700 (MST)
Resent-from:	pen-test-return-1078483435@securityfocus.com
Resent-message-id:	<20070119175704.39AC9155820@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
User-agent:	Thunderbird 1.5.0.9 (Windows/20061207)

sami ghourabi dijo:

However I dont think that for each IP adress there is a physical server,but perhaps a multiplexing device that also does application firewalling.
According to nmap it may be a Blue Coat SG4.

If it's a Bluecoat (or some other reverse proxy) which is load balancingbetween different servers you can sometimes determine the techonologybased on the cookie used for tracking users at the app level (althoughnot everybody does this, some people configure reverse proxies to dopersistence by IP address or, even, no persistence).

You can use the cookie database available at:http://www.owasp.org/index.php/Category:OWASP_Cookies_Database


Regards

Javier





------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
reverse proxy identification, sami ghourabi Re: reverse proxy identification, Andy Ashley RE: reverse proxy identification, Paul Melson Re: reverse proxy identification, AdamT Message not available Message not available Re: reverse proxy identification, Olivier Meyer Re: reverse proxy identification, R. DuFresne Re: reverse proxy identification, Javier Fernández-Sanguino <= Re: reverse proxy identification, Faisal Khan Re: reverse proxy identification, sami.ghourabi

Previous by Date:	Re: Apache Concurrent Users, Tim
Next by Date:	Re: Magic Quotes question, Ronald Chmara
Previous by Thread:	Re: reverse proxy identification, R. DuFresne
Next by Thread:	Re: reverse proxy identification, Faisal Khan
Indexes:	[Date] [Thread] [Top] [All Lists]