meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, July 28th 2017

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 28 July 2017

⏱️ 14 minutes

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. HTTP Middlemen Vulnerabilities; Goldeneye/Petya Decrypte;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Friday, July 28, 2017 edition of the Sandtonet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Washington, D.C.

0:13.1

When you are connecting to a website these days, you hardly ever directly connect to the web server.

0:21.6

Instead, your request is typically forwarded by one or more proxies.

0:27.0

Now, there are different types of proxies.

0:29.0

Some of them are really more in front of the client

0:31.9

and are often used to cash content, sometimes also to accelerate requests.

0:37.5

And then we have proxies in front of servers, sometimes referred to as reverse proxies,

0:42.6

that are used for load balancing and, of course, filtering like web application firewalls.

0:50.0

An interesting blog by James Kettle of Portsvicker takes a look at how these particular middle stations can be used to manipulate requests, in particular to forward requests to unintended destinations.

1:06.9

Now, typically, when your browser sends a request, it will look up an IP address for a host name,

1:12.9

and then send the request to that IP address and use a host header that matches the host name that you're trying to reach.

1:21.3

What happens quite often with these proxies, in particular if they're part of a content delivery network or CDN, is that many, many

1:30.8

different websites do share one IP address, and the host name can be used to resolve this ambiguity.

1:39.4

Now, the problem shows up then if you send a crafted request using an artificial host name that

1:46.6

does not necessarily match the host name that a browser would insert.

1:52.3

For example, you could add a port number to that host name that's different than Port 80

1:59.6

or Port 443, in which case the request could for example be

2:04.4

routed to an admin interface that often listens on a different port also i can then redirect

2:12.3

requests to totally different destinations overall these issues aren't really that new they

2:17.3

have always existed in particular with these reverse proxies.

2:21.1

But as this blog shows, there are many, many ways to exploit these issues.

2:28.0

And James does a will-grade job in his blog post to look at some of different architectures

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.