RE: IDEA: Stealth Cache

From: Jay Wilson <jwilson@dont-contact.us>
Date: Sun, 9 Jan 2000 14:08:56 -0600

Sorry....

I misunderstood the question.

Jay Wilson
Internet Manager
Access L.L.C.
HIGH SPEED INTERNET ACCESS FOR BUSINESS
7518 Enterprise Avenue
Germantown, TN. 38138-3802
(901) 869-8001

 -----Original Message-----
From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
Sent: Sunday, January 09, 2000 8:19 AM
To: Miguel A.L. Paraz
Cc: squid-users@ircache.net
Subject: Re: IDEA: Stealth Cache

Miguel A.L. Paraz wrote:

> Problem: How can you be sure that the session you capture is complete and
not
> corrupt? Rely on the TCP control information?

TCP contains all verification you need for this.

There is however a serious security warning: Unless you are very careful
about verifying the destination name, users can easily fool the stealth
server to inject false pages into the cache.

Why:
The stealth server will only know the destination IP address. To
reconstruct the server name it must look into the Host: header of the
request data.

How:
By sending a false Host: header in a request to another IP address.

How to avoid:
Make sure that a DNS lookup of the server name returns the same IP
address.

Will not work for:
Load balanced servers returning different IP addresses on different DNS
requests where the other IP addresses is excluded from the DNS response.

--
Henrik Nordstrom
Squid hacker
Received on Sun Jan 09 2000 - 13:28:50 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:17 MST