Re: IDEA: Stealth Cache

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 09 Jan 2000 15:18:33 +0100

Miguel A.L. Paraz wrote:

> Problem: How can you be sure that the session you capture is complete and not
> corrupt? Rely on the TCP control information?

TCP contains all verification you need for this.

There is however a serious security warning: Unless you are very careful
about verifying the destination name, users can easily fool the stealth
server to inject false pages into the cache.

Why:
The stealth server will only know the destination IP address. To
reconstruct the server name it must look into the Host: header of the
request data.

How:
By sending a false Host: header in a request to another IP address.

How to avoid:
Make sure that a DNS lookup of the server name returns the same IP
address.

Will not work for:
Load balanced servers returning different IP addresses on different DNS
requests where the other IP addresses are excluded from the DNS response.

--
Henrik Nordstrom
Squid hacker
Received on Sun Jan 09 2000 - 07:35:53 MST
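
The Host: verification described in the message above, as an added example that is not part of the original post and is not Squid code: a captured request is cacheable only if the destination IP seen on the wire is among the addresses DNS returns for the name in its Host: header. All function names, the constructed DNS table and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

def host_from_request(raw):
    """Return the name in the single Host: header (port stripped), else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip().lower()
             for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:
        return None                      # missing or repeated Host: do not cache
    name = hosts[0]
    if name.startswith("["):             # bracketed IPv6 literal, e.g. [2001:db8::1]:80
        name = name[1:].split("]", 1)[0]
    else:
        name = name.split(":", 1)[0]     # drop an optional :port
    return name.rstrip(".") or None

def system_resolve(name):
    """Addresses the local resolver returns for name (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def may_cache(raw_request, dst_ip, resolve=system_resolve):
    """True only if the captured destination IP is among the addresses for Host."""
    name = host_from_request(raw_request)
    if name is None:
        return False
    dst = ipaddress.ip_address(dst_ip)
    for answer in resolve(name):
        try:
            if ipaddress.ip_address(answer) == dst:
                return True
        except ValueError:               # e.g. a scoped address the parser rejects
            continue
    return False

# Constructed sample data (documentation address ranges, not real hosts).
CONSTRUCTED_DNS = {
    "www.example.com": {"192.0.2.10"},
    "lb.example.net": {"198.51.100.1"},  # balanced site; this answer omits 198.51.100.2
}

def constructed_resolve(name):
    return CONSTRUCTED_DNS.get(name, set())

def request_for(host):
    return ("GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host).encode("latin-1")
```

The lb.example.net entry reproduces the "Will not work for" case: a genuine request to 198.51.100.2 is refused because that address is absent from the DNS answer, so the response goes uncached.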
