Bugtraq mailing list archives

RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices

From: Alexander Klimov <alserkli () inbox ru>
Date: Sat, 30 Jul 2005 10:04:58 +0300 (IDT)

On Sun, 24 Jul 2005, Bojan Zdrnja wrote:

Regarding Google - yes, if you log only connections.
However, when you use translate.google.com service, Google will add a new
header in the HTTP request:

X-Forwarded-For: <IP address>

All proxy servers should add this header, even in the case of multiple
proxying, in which case all IP addresses should be listed under this header.

For Apache, there is even a mod_extract_forwarded module which should change
the connection so it looks like it's coming from the IP behind the proxy
server.


If you do assume that x-forwarded-for is always genuine then you will
have problems when somebody with direct connection adds
x-forwarded-for to confuse you (this is very similar to email
headers).

BTW: I don't sure that it is that important for real attackers -- most
of them are likely to use owned hosts anyway.

-- 
Regards,
ASK

Current thread:

RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices Bojan Zdrnja (Jul 28)
- Re: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices Petko Petkov (Jul 28)
- RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices Alexander Klimov (Jul 30)