[11077] in bugtraq
IIS respond private address
daemon@ATHENA.MIT.EDU (Nobuo Miwa)
Tue Jul 20 14:43:03 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199907170103.JJG55568.JBO-NX@lac.co.jp>
Date: Sat, 17 Jul 1999 01:03:16 -0400
Reply-To: Nobuo Miwa <n-miwa@LAC.CO.JP>
From: Nobuo Miwa <n-miwa@LAC.CO.JP>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Folks who have IIS bihind Firewall,
My IIS 4.0 respond its real IP Address unashamedly even if
they are behind Firewall and it has private address.
It's easy to test for everyone.
$ telnet www.some.where 80
Trying ***.***.**.3...
Connected to www.some.where.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Content-Location: http://192.168.10.15/index.html
...
I've tested this on Japanese IIS 4.0 SP5 but I've not tested
many cases yet. Please comment.
I searched some informations for controlling Content-Location
header. But I couldn't find its solution.
I just want to hide my private address from all over the world...
<Nobuo Miwa> n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp
------------------------------------o00o--(. .)--o00o----------------------
LAC CO.,LTD. TEL: +1-617-367-6726 FAX: +1-617-367-6726
