[Ticket#2006062710000052] Load balancer shows up on Hotmail & MSN entries

[Ticket#2006062710000052] Load balancer shows up on Hotmail & MSN entries

am 11.09.2006 20:22:54 von spamhotmail

> HelloStarting in late May/06, I was using the feature "What is that site
> running?" when I noticed that certain Microsoft servers, when queried,
> indicated the operating system they were running wasF5 Big-IP.=C2 I had =
never
> heard of this operating system before and did some research.=C2 I found =
out that
> F5 Big-IP was actually a load balancer on certain Hotmail and MSN servers,
> mostly associated with the gaming zones and even a zone for the UK.=C2 F=
urther
> down in this email, I will include the direct link on the Netcraft site t=
hat I
> am mentioning.=C2 I will also include a list in this email of all instan=
ces that
> I see the F5 Big-IP load balancer used.=C2 For the record, I would also =
like to
> point out that I did inform Microsoft, specifically the Security Research
> Centre as well as the MSN Product Group regarding the fact that on certain
> servers and services, the load balancer was identified to the outside wor=
ld
> and I felt it may be a security risk.=C2 The Security Research Centre di=
d not
> consider it much of anything and the MSN Product Group would not touch the
> issue because I had informed the Security Research Centre first.=C2 If t=
his load
> balancer is not supposed to be showing, I would recommend, if at all poss=
ible,
> the information presented to users when they query this range of servers =
so
> that a malicious element may not use this information to perhaps do harm =
to a
> network.=C2 In the list shown below, I have only shown the list of serve=
rs with
> the F5 Big-IP entries.=C2 Here is the link where I obtained the full lis=
t:Â
>

Please note that we determine the operating system using the TCP/IP
characteristics of the host in question. We cannot see how there is any
greater security risk of identifying the operating system of a load
balancer
than there is of identifying the operating system of a web server. As
you will
see from our FAQ
(http://uptime.netcraft.com/up/accuracy.html#loadbalancers)
we identify the OS of the load balancer because it is that device which
handles the TCP requests.

Regards,

--=20
Dan Gardner=20
Netcraft