
Penetration Testing mailing list archives

Re: [PEN-TEST] Your opinions are solicited ...
From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Tue, 31 Oct 2000 11:02:53 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----Original Message-----
From: Paul Robinson [mailto:paul () AKITANET CO UK]
Sent: Tuesday, October 31, 2000 9:59 AM

[...]
In addition I'd probably do some session-authentication with
changing cookies per transaction, combined with IP authentication.
[...]

IP authentication? In today's world of access through NATed firewalls
or proxy servers, or providers like AOL, all in an Internet
environment increasingly becoming akamaied... uhm... cached, I
strongly doubt that IP authentication is viable. Take AOL users for
example: One request appears to be coming from proxy1.aol.com, the
next request from proxy3.aol.com. That would mean that your 'IP
authenticated' web page will invalidate the second request.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOf77PURKym0LjhFcEQJnqACfdAodtrCcF3p8EcR8Mv3nL5bkYWsAnjN0
t2o4wmVDlPG83vgB+wMxHQtb
=YBqC
-----END PGP SIGNATURE-----
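
The failure mode described in the reply above, as an added example that is not part of the original message: a session store that rotates its token on every transaction, run with and without IP binding against a constructed request sequence that alternates between two proxy egress addresses. The class name, function names and sample IPs are assumptions made for illustration.

```python
import hmac
import secrets


class SessionStore:
    """Per-transaction rotating session token, optionally pinned to client IP."""

    def __init__(self, bind_ip):
        self.bind_ip = bind_ip
        self.sessions = {}  # session id -> {"token": str, "ip": str}

    def login(self, client_ip):
        sid = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        self.sessions[sid] = {"token": token, "ip": client_ip}
        return sid, token

    def request(self, sid, token, client_ip):
        """Return the next token on success, or None if the session is invalidated."""
        state = self.sessions.get(sid)
        if state is None:
            return None
        token_ok = hmac.compare_digest(state["token"], token)
        ip_ok = (not self.bind_ip) or state["ip"] == client_ip
        if not (token_ok and ip_ok):
            del self.sessions[sid]  # any mismatch kills the session
            return None
        state["token"] = secrets.token_urlsafe(32)  # rotate per transaction
        return state["token"]


def replay(store, source_ips):
    """Run one user's requests through the store; return accept/reject per request."""
    sid, token = store.login(source_ips[0])
    results = []
    for ip in source_ips:
        token_next = store.request(sid, token, ip)
        results.append(token_next is not None)
        token = token_next or token
    return results


# Constructed sample: one user whose requests egress via two proxy addresses
# (documentation-range IPs standing in for proxy1/proxy3 in the message).
PROXY_HOPS = ["192.0.2.1", "192.0.2.3", "192.0.2.1"]

if __name__ == "__main__":
    print("IP-bound  :", replay(SessionStore(bind_ip=True), PROXY_HOPS))
    print("token only:", replay(SessionStore(bind_ip=False), PROXY_HOPS))
```

With IP binding the legitimate user is logged out as soon as the second request arrives from the other proxy; the rotating token alone still rejects a replayed stale token without depending on the source address.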

