Security Vulnerability Report
on 11.09.2006 20:01:27 by spamhotmail
Thank you for the note. I find it interesting that Netcraft identified the load balancing system used. I would not, however, consider this a vulnerability. There are quite a few tools out there that allow people to gather information about the type of device/OS that they are connecting to/through. Some of these "fingerprinting" methods include throwing different types of ICMP packets at the device/OS and matching the response to a database of expected responses and associated products.
I will, however, pass this along to the MSN group for their information and action if necessary.
Kind regards,
Brian
Manufacturer and model of your computer:
N/A
Have you installed any additional hardware on the system?
No
Have you installed any operating system security patches?
Don't Know
AFFECTED PRODUCT
What product are you reporting a security vulnerability in?
Product Name:
zone.msn.com
Product Version:
unknown
Have you installed any service packs for the product?:
Don't Know
Have you installed any security patches for the product?:
Don't Know
VULNERABILITY INFORMATION
Please describe the flaw in the product:
The following deals with an issue about the operation of MSN servers instead of a product. Your security vulnerability form from the Microsoft Security Centre makes the assumption that the product sits on a consumer's machine. This message is about how the MSN servers may be configured and a possible security issue related to those servers. One of my friends was having difficulty connecting to MSN instant messenger games servers so I did a little research to see if I could advise my friend on the best course of action to fix the problem. I researched the MSN gaming zone server using a network technology server webpage that is called Netcraft. Netcraft offers company name specific searches by web address which in turn lists web servers along with the software and operating system in use.
Is the flaw present in the product in the default configuration?
Yes
Please tell us how to duplicate the problem in our laboratory:
Contact Me for a Program.
Please describe how someone might mount an attack via the flaw:
The feature I used on the Netcraft web page is called "What is that site running?" The specific address I queried on Netcraft was zone.msn.com and the information it provided is shown below:
http://zone.msn.com was running Microsoft-IIS on F5 Big-IP when last queried at 20-May-2006 04:55:34 GMT
OS                   Server             Last changed  IP address     Netblock Owner
F5 Big-IP            Microsoft-IIS/6.0  30-Mar-2006   207.46.166.10  Microsoft Corp
unknown              Microsoft-IIS/6.0  2-Feb-2006    207.46.166.10  Microsoft Corp
unknown              Microsoft-IIS/6.0  21-May-2005   207.46.203.12  Microsoft Corp
unknown              unknown            20-May-2005   207.46.203.12  Microsoft Corp
unknown              Microsoft-IIS/6.0  17-Jan-2005   207.46.203.12  Microsoft Corp
unknown              Microsoft-IIS/6.0  17-Jan-2005   207.46.203.12  Microsoft Corp
Windows Server 2003  Microsoft-IIS/6.0  16-Jan-2005   207.46.203.12  Microsoft Corp
unknown              Microsoft-IIS/6.0  15-Jan-2005   207.46.203.12  Microsoft Corp
Windows Server 2003  Microsoft-IIS/6.0  14-Jan-2005   207.46.203.12  Microsoft Corp
unknown              Microsoft-IIS/6.0  24-Nov-2004   207.46.203.12  Microsoft Corp
The very first entry in the list shows the operating system as F5 Big-IP. Because I had never seen that before, I did a search. I found the company F5, of which Microsoft is a client. In F5's product listing, I found the mentioned product was a load balancer. I am not an IT professional, I am just an ultra-geek, but most load balancers I have seen don't identify themselves at all - only the web servers are usually identified. I do not understand fully, nor should I, how your server network is set up. However, since I was able to research the product simply by running a web search, I think this could open you up to vulnerabilities which would not be very good. If this is a glitch, make sure it is invisible and if not, congratulations on the new installation. Theoretically, if a person knew what brand and model of load balancer a major web page was using, they could research to see if any vulnerabilities had been found with that load balancer. Hypothetically, if they had the skill or a program was available to do it for them, they could either disrupt or access restricted areas of a web page.
Please describe what the result of a successful attack would be:
The MSN gaming service would most likely not be available.
Please provide any additional information that might be helpful in investigating this issue:
The new load balancer first showed up on Mar. 30/06 as specified in the Netcraft information.