Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Reverse Proxy Pen Testing

from [Jerry Shenk] Network Security [Permanent Link]
Subject: RE: Reverse Proxy Pen Testing
Date: Sat, 26 Mar 2005 18:51:36 -0500 
I have found some proxies to be set up incorrectly when doing
pen-testing by simply configuring IE to use the public IP address as a
proxy.  One in particular, I was able to use their internet proxy to
access anything on their 10... from the internet simply by pointing IE's
proxy config at the public IP address.  That wasn't a "proxy problem",
it was a configuration problem but still, a pretty big problem!
...internal servers, printers, really not good!

-----Original Message-----
From: FF 647 [mailto:ff_647@yahoo.com] 
Sent: Friday, March 25, 2005 7:41 PM
To: pen-test@securityfocus.com
Subject: Reverse Proxy Pen Testing


Does anyone know of a way to test a netcache to see if
it will return content from web sites on an internal
network -- intranet sites that would otherwise not be
viewable by the public? Any info would be appreciated
as we are investigating techniques to simulate
Internet based attack vectors against our reverse proxy.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Reverse Proxy Pen Testing, Andres Riancho
Next by Date:  Changing Source Port For Nmap Idle Scan, SecureHacK
Previous by Thread:  Re: Reverse Proxy Pen Testing, Andres Riancho
Next by Thread:  Changing Source Port For Nmap Idle Scan, SecureHacK
Indexes:  [Date] [Thread] [Top] [All Lists]