
[cobalt-security] Re: OT But is a Cobalt/Security issue



John Bailey Replied...

>One thing that might be worth checking to see if the ISP's web proxy is
>setting any kind of 'X-Forwarded-For' HTTP header (I know squid can be
>configured to do this).

John did a bit of research on that after posting and asked the question to
one of the ISPs and their sysadmin gave the educated reply of "nah it's not
and don't see why it should be" ... (sad frown)

Graeme Replied...

>John however does make a pertinent note, that properly configured proxies
>*should* pass an X- header with the source IP in them. Again, for privacy
>reasons (and logistical ones too) many do not. It is not written in any
>standard, nor is it a requirement AFAIK in law anywhere.

This confirms what I was told from one of the main New Zealand ISPs.

>>What Chae brings up is a perennial problem for all webserver
>>administrators: just when do you bother to report things?

I have always checked what was being reported prior to it going to the
system admin at the ISP...we don't report the 1 or 2 scans for formmail or
wayboard access etc but we do send out reports when we see say 20 or more
obvious attempts at anonymous FTP attempts, SYN FIN scans, Squid scans, DoS
attempts etcetera - the out of the everyday ordinary stuff. But I have asked
the question to one of the ISPs ... so what if I get a barrage of attacks
coming from your proxy server, are you saying you can't help or assist in the
tracing of the culprit?

I'm still waiting for a reply :<

Up to now we've approached 4 of the big New Zealand ISPs regarding this and
3 have just given the typical reply of "Sorry it's an International
Proxy/Cache server can't help" and one ISP spent a few days setting up
logging and filtered through a 400Mb per day log for us - still didn't help
trace the culprit down but at least they went to the trouble of assisting
us.

I'm curious - do other smaller ISPs/hosting companies have the same
problem or is it simply a New Zealand thing?

Regards

Chae