Miguel A.L. Paraz wrote:
> Problem: How can you be sure that the session you capture is complete and not
> corrupt? Rely on the TCP control information?
TCP contains all verification you need for this.
There is however a serious security warning: Unless you are very careful
about verifying the destination name, users can easily fool the stealth
server to inject false pages into the cache.
Why:
The stealth server will only know the destination IP address. To
reconstruct the server name it must look into the Host: header of the
request data.
How:
By sending a false Host: header in a request to another IP address.
How to avoid:
Make sure that a DNS lookup of the server name returns the same IP
address.
Will not work for:
Load balanced servers returning different IP addresses on different DNS
requests where the other IP addresses are excluded from the DNS response.
-- Henrik Nordstrom
Squid hacker
Received on Sun Jan 09 2000 - 07:35:53 MST
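The check described in the reply above, as an added example that is not part of the original post and is not Squid code: the intercepted request's Host: name is resolved and compared with the destination IP before anything is cached under that name. The function names, the constructed DNS table, and the choice to forward without caching on a mismatch are assumptions of this sketch.

```python
import ipaddress

# Constructed DNS answers (documentation address ranges). A real interceptor
# would ask its resolver; lb.example.net models a balancer whose answer omits
# its second address, 198.51.100.2.
SAMPLE_DNS = {
    "www.example.com": ["192.0.2.10"],
    "lb.example.net": ["198.51.100.1"],
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

def sample_request(host_value):
    """Build a constructed request as it would be seen on the wire."""
    return b"GET / HTTP/1.0\r\nHost: " + host_value.encode() + b"\r\n\r\n"

def host_from_request(raw):
    """Return the lower-cased name from exactly one Host: header, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = [line.split(":", 1)[1].strip()
              for line in head.split("\r\n")[1:]
              if line.lower().startswith("host:")]
    if len(values) != 1 or not values[0]:
        return None  # missing or duplicated Host: gives no name to trust
    host = values[0].lower()
    if host.startswith("["):  # bracketed IPv6 literal, optional port after it
        return host[1:].split("]", 1)[0]
    return host.split(":", 1)[0].rstrip(".")  # drop port and trailing dot

def may_cache(raw_request, dst_ip, resolver=sample_resolver):
    """Return (ok, reason): may the response be stored under the Host: name?"""
    host = host_from_request(raw_request)
    if host is None:
        return (False, "no usable Host: header")
    dst = ipaddress.ip_address(dst_ip)
    try:
        addrs = {ipaddress.ip_address(host)}  # Host: carried an IP literal
    except ValueError:
        addrs = {ipaddress.ip_address(a) for a in resolver(host)}
    if dst in addrs:
        return (True, f"{host} resolves to {dst}")
    # Also hit by load-balanced names whose DNS answer omits the address used.
    return (False, f"{host} does not resolve to {dst}; forward without caching")
```

The third case in the reply shows up here as a rejected but legitimate request: a client that reached 198.51.100.2 for lb.example.net is refused caching because the DNS answer only lists 198.51.100.1.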