[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] defense against session hijacking

To: "Gary E. Miller" <gem@rellim.com>
Subject: Re: [Full-Disclosure] defense against session hijacking
From: Ron DuFresne <dufresne@winternet.com>
Date: Wed, 19 Nov 2003 11:09:44 -0600 (CST)

On Mon, 17 Nov 2003, Gary E. Miller wrote:

> Yo Thomas!
>
> Some ISPs like AOL use ganged proxies/caches.  You may get the same session
> from different proxies as they round robin.
>
> Overly agressive web caches are a big problem for web apps.
>

not to mention that IP's can be spoofed.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] defense against session hijacking
  - From: "Gary E. Miller" <gem@rellim.com>

Prev by Date: [Full-Disclosure] Sidewinder G2 Thanks and a question or two
Next by Date: Re: [Full-Disclosure] Sidewinder G2
Previous by thread: Re: [Full-Disclosure] defense against session hijacking
Next by thread: Re: [Full-Disclosure] defense against session hijacking
Index(es):
- Date
- Thread