WebApp Sec mailing list archives
Re: IIS 5.0 with Integrated Window Authentication
From: "sunzi" <sunzi () mod-x co uk>
Date: Thu, 7 Nov 2002 14:43:05 -0500
True ... thsi is also the reason that the dreaded FrontPage can't publish through Microsoft's own firewalls/proxies (Proxy2), which is actually a good thing i think :P sunzi ----- Original Message ----- From: "Sebastian Flothow" <sebastian () flothow de> To: <cc_mofo () hushmail com> Cc: <pen-test () securityfocus com>; <webappsec () securityfocus com> Sent: Wednesday, November 06, 2002 5:27 PM Subject: Re: IIS 5.0 with Integrated Window Authentication
The goofy three-message exchange that sets up the NTLM security doesn't seem to make it through the proxy,AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems it includes the client's IP address, which then doesn't match that of the proxy (which is the client from the server's point of view), or something similar. Sebastian -- Sebastian Flothow sebastian () flothow de #include <stddisclaimer.h>
Current thread:
- IIS 5.0 with Integrated Window Authentication cc_mofo (Nov 06)
- Re: IIS 5.0 with Integrated Window Authentication Haroon Meer (Nov 06)
- RE: IIS 5.0 with Integrated Window Authentication Jason Coombs (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 07)
- Re: [Spike] Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 08)
- RE: IIS 5.0 with Integrated Window Authentication Jason Coombs (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication Haroon Meer (Nov 06)
- Re: IIS 5.0 with Integrated Window Authentication Sebastian Flothow (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication sunzi (Nov 07)
- Re: IIS 5.0 with Integrated Window Authentication Dave Aitel (Nov 07)
- <Possible follow-ups>
- RE: IIS 5.0 with Integrated Window Authentication Michael Howard (Nov 06)
- Re: IIS 5.0 with Integrated Window Authentication cc_mofo (Nov 08)
- Re: IIS 5.0 with Integrated Window Authentication cc_mofo (Nov 13)