Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scanning Web Proxy -- Preliminary Concept

From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 16 Dec 2000 01:06:51 +0100
A mayor disadvantage with this is that it will spring off IDS:es, and that
it may make administrators life harder as there is more junk in the logs.
Also, what if the proxy by misstake does damage to a server it
investigates, will the proxy admin be liable for damage? Finally, how to
you know that something you test won't turn out to be
interprented as identical to "Remove email 215" or something?

Maybe some of these dangers can be controlled, but the document doesn't
mention them being considered. I think you should consider them before
futher research - would be bad to lay down weeks of work to learn that the
concept cannot be used in real world.

So, this is where I sugest you start looking.

*But*. If you can implement some or all of these features in a 100%
passive proxy, you may very well find a mayor interest in your work.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe
Previous By Date Next
Previous By Thread Next

Current thread: