Hosting Provided By

Re: IIS 5.0 with Integrated Window Authentication

From: Dave Aitel <dave(at)immunitysec.com>
Date: Thu Nov 07 2002 - 14:35:23 EST

Hmm. My basterdized SPIKE Proxy NTLM auth does, in fact, work through the proxy though.

Client->SPIKE Proxy->Server

Where Client is sending Proxy-Authorization, and SPIKE Proxy is translating that into Authorization: and sending it to the server and so on. I get access on IIS 5.0, at least.

-dave

On Wed, 6 Nov 2002 23:27:54 +0100
Sebastian Flothow <sebastian@flothow.de> wrote:

> > The goofy three-message exchange that sets up the NTLM security
> > doesn't seem to make it through the proxy,
>
> AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems it
> includes the client's IP address, which then doesn't match that of the
>
> proxy (which is the client from the server's point of view), or
> something similar.
>
>
> Sebastian
>
> --
> Sebastian Flothow
> sebastian@flothow.de
> #include <stddisclaimer.h>
>
>

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Thu Nov 7 19:48:07 2002

This message: [ Message body ]
Next message: Dave Aitel: "Re: [Spike] Re: IIS 5.0 with Integrated Window Authentication"
In reply to: Sebastian Flothow: "Re: IIS 5.0 with Integrated Window Authentication"
Reply: Dave Aitel: "Re: IIS 5.0 with Integrated Window Authentication"
Reply: sunzi: "Re: IIS 5.0 with Integrated Window Authentication"
Reply: cc_mofo(at)hushmail.com: "Re: IIS 5.0 with Integrated Window Authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT

Do you need help?