Vulnerability Development mailing list archives
Re: Scanning Web Proxy -- Preliminary Concept
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 16 Dec 2000 01:06:51 +0100
A mayor disadvantage with this is that it will spring off IDS:es, and that it may make administrators life harder as there is more junk in the logs. Also, what if the proxy by misstake does damage to a server it investigates, will the proxy admin be liable for damage? Finally, how to you know that something you test won't turn out to be interprented as identical to "Remove email 215" or something? Maybe some of these dangers can be controlled, but the document doesn't mention them being considered. I think you should consider them before futher research - would be bad to lay down weeks of work to learn that the concept cannot be used in real world. So, this is where I sugest you start looking. *But*. If you can implement some or all of these features in a 100% passive proxy, you may very well find a mayor interest in your work. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
Current thread:
- Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 15)
- Re: Scanning Web Proxy -- Preliminary Concept Bluefish (P.Magnusson) (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept R. DuFresne (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept Ory Segal (Dec 18)
- <Possible follow-ups>
- Re: Scanning Web Proxy -- Preliminary Concept Sahlberg, Jeremiah (Dec 20)