Subject: Re: Scanning Web Proxy -- Preliminary Concept
From: Bluefish (P.Magnusson) (11aGMX.NET)
Date: Fri Dec 15 2000 - 18:06:51 CST


A major disadvantage with this is that it will set off IDSes, and that
it may make administrators' lives harder as there is more junk in the logs.
Also, what if the proxy by mistake does damage to a server it
investigates, will the proxy admin be liable for damage? Finally, how do
you know that something you test won't turn out to be
interpreted as identical to "Remove email 215" or something?

Maybe some of these dangers can be controlled, but the document doesn't
mention them being considered. I think you should consider them before
further research - it would be bad to lay down weeks of work to learn that the
concept cannot be used in the real world.

So, this is where I suggest you start looking.

*But*. If you can implement some or all of these features in a 100%
passive proxy, you may very well find a major interest in your work.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe