[Ticket#2006062710000052] Load balancer shows up on Hotmail & MSN entries

[Ticket#2006062710000052] Load balancer shows up on Hotmail & MSN entries
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
[Ticket#2006062710000052] Load balancer shows up on Hotmail & MSN entries spamhotmail 09-11-2006
Posted by on September 11, 2006, 2:22 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


> HelloStarting in late May/06, I was using the feature "What is that site
> running?" when I noticed that certain Microsoft servers, when queried,
> indicated the operating system they were running wasF5 Big-IP.=C2 I had =
never
> heard of this operating system before and did some research.=C2 I found =
out that
> F5 Big-IP was actually a load balancer on certain Hotmail and MSN servers,
> mostly associated with the gaming zones and even a zone for the UK.=C2 F=
urther
> down in this email, I will include the direct link on the Netcraft site t=
hat I
> am mentioning.=C2 I will also include a list in this email of all instan=
ces that
> I see the F5 Big-IP load balancer used.=C2 For the record, I would also =
like to
> point out that I did inform Microsoft, specifically the Security Research
> Centre as well as the MSN Product Group regarding the fact that on certain
> servers and services, the load balancer was identified to the outside wor=
ld
> and I felt it may be a security risk.=C2 The Security Research Centre di=
d not
> consider it much of anything and the MSN Product Group would not touch the
> issue because I had informed the Security Research Centre first.=C2 If t=
his load
> balancer is not supposed to be showing, I would recommend, if at all poss=
ible,
> the information presented to users when they query this range of servers =
so
> that a malicious element may not use this information to perhaps do harm =
to a
> network.=C2 In the list shown below, I have only shown the list of serve=
rs with
> the F5 Big-IP entries.=C2 Here is the link where I obtained the full lis=
t:=C2=20
>

Please note that we determine the operating system using the TCP/IP
characteristics of the host in question. We cannot see how there is any
greater security risk of identifying the operating system of a load
balancer
than there is of identifying the operating system of a web server. As
you will
see from our FAQ
(http://uptime.netcraft.com/up/accuracy.html#loadbalancers)
we identify the OS of the load balancer because it is that device which
handles the TCP requests.

Regards,

--=20
Dan Gardner=20
Netcraft


Similar ThreadsPosted
DOS Attack & High load June 29, 2007, 5:58 am
hotmail id probs August 23, 2005, 9:12 am
Cannot Print PDF from Hotmail March 9, 2008, 6:35 am
SRX1015374076ID - MSN Hotmail:I have a comment about Ho:Other September 11, 2006, 2:08 pm
SRX1015953575ID - MSN Hotmail:I have a comment about Ho:Other September 11, 2006, 2:37 pm
XP shows only 8 characters of (WEP) Network key. April 6, 2005, 2:19 pm
Firewall shows ports being used in sqeuence December 5, 2005, 9:28 am
Re: Firewall shows ports being used in sqeuence December 5, 2005, 9:57 am
Re: Firewall shows ports being used in sqeuence December 8, 2005, 9:08 am
google groups shows everyone your ip address? January 6, 2006, 6:53 pm

The site map in XML format XML site map

Contact Us | Privacy Policy