Full Disclosure mailing list archives
Re: defense against session hijacking
From: Ron DuFresne <dufresne () winternet com>
Date: Wed, 19 Nov 2003 11:09:44 -0600 (CST)
On Mon, 17 Nov 2003, Gary E. Miller wrote:
Yo Thomas! Some ISPs like AOL use ganged proxies/caches. You may get the same session from different proxies as they round robin. Overly agressive web caches are a big problem for web apps.
not to mention that IP's can be spoofed. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- defense against session hijacking Thomas M. Duffey (Nov 17)
- Re: defense against session hijacking Gary E. Miller (Nov 17)
- Re: defense against session hijacking Ron DuFresne (Nov 19)
- Re: defense against session hijacking David Maynor (Nov 17)
- Re: defense against session hijacking Damian Gerow (Nov 17)
- Re: defense against session hijacking Frank Knobbe (Nov 17)
- Re: defense against session hijacking Damian Gerow (Nov 17)
- Re: defense against session hijacking David Maynor (Nov 17)
- Re: defense against session hijacking Damian Gerow (Nov 17)
- window hiding sir kaber (Nov 17)
- Re: defense against session hijacking |reduced|minus|none| (Nov 17)
- Re: defense against session hijacking Gary E. Miller (Nov 17)
- Re: defense against session hijacking Scott Taylor (Nov 17)
- Re: defense against session hijacking Bill Pennington (Nov 17)
- Re: defense against session hijacking Jason Ziemba (Nov 18)