
Re: [cobalt-security] OT But is a Cobalt/Security issue



> Is this true then that they can't check or are they basically saying we
> can't be bothered cause there's too much going through and it doesn't
> justify the man hours to check it your wee problems.

I think that's entirely down to the config of the proxy.  Most proxies
handling any reasonable number of requests will generate a huge amount of
log info (I seem to remember talking to a sysadmin who administered squid
caches which generated over 80MB logs per day).  Due to this I can see
that some would be tempted to just say 'to heck with it' and either turn
logging off, or keep only a day or two's worth of log info.  Of course,
depending on the law in your country, you may be legally obliged to keep
logs, but that's another issue.

One thing that might be worth checking is whether the ISP's web proxy is
setting any kind of 'X-Forwarded-For' HTTP header (I know squid can be
configured to do this).  If this is the case, then I believe you can use
mod_perl to capture the IP the requests are being forwarded for in your
logs instead of the proxy IP ... maybe this will be of more use in
tracking down the perpetrator.

Regards,

John

P.S.  What exactly are you referring to when you say '/etc/password hack'?
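
The X-Forwarded-For suggestion above, sketched as an added example that is not part of the original post: a Python function that chooses which address to write to the log, honouring the header only when the connection comes from a known proxy, since the header is otherwise client-supplied. The proxy range, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample range (documentation addresses), standing in for the
# ISP proxy addresses you have confirmed set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def _parse_ip(text):
    """Return an ip_address for a header token, or None if it is not an IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip_for_log(peer_ip, xff_header):
    """Pick the address to log for one request.

    peer_ip:    the TCP peer that connected to the web server.
    xff_header: raw X-Forwarded-For value, or None if the header is absent.
    Returns (ip_to_log, source), where source is 'peer' or 'xff'.
    """
    peer = ipaddress.ip_address(peer_ip)
    # Anyone can send this header, so only honour it when the connection
    # itself came from a proxy known to set it.
    if not xff_header or not _is_trusted(peer):
        return str(peer), "peer"
    # Each proxy appends to the list, so walk right to left and stop at
    # the first hop that is not one of the trusted proxies.
    for token in reversed(xff_header.split(",")):
        hop = _parse_ip(token)
        if hop is None:
            break  # non-IP entry: nothing further left is reliable
        if not _is_trusted(hop):
            return str(hop), "xff"
    return str(peer), "peer"
```

Logging the peer address alongside the chosen one keeps the proxy hop available when correlating with the ISP's own logs.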