Michael,

Yes, there are ... but that's not important right now - and stop calling me Shirley :)

Here's what I'm saying. Many web servers are hosted behind a firewall and exist on a NAT network with static mappings. A PIX or other ALG-capable firewall uses packet inspection to forward requests to an internal address. So the "outside" IP is the public address of the site (204.23.28.x) and the "inside" address is something else - usually from a non-routable subnet like 10.x.x.x or 192.x.x.x or 172.x.x.x. This enables network admins to set up internal network subnets that are simplified - even if they have a large pool of disparate IPs on different subnets from multiple providers (as most do).

This internal address may be helpful to a hacker who can otherwise gain access to that internal space. I'm not saying it could be used as a "magic bullet" to break into the system - but as a matter of practice you don't want internal IPs and internal server names (NetBIOS names) to be public.

-Mark

Mark A. Kruger, CFG, MCSE
www.cfwebtools.com
www.necfug.com
http://mkruger.cfwebtools.com

-----Original Message-----
From: Michael T. Tangorre [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 8:28 AM
To: CF-Talk
Subject: RE: ColdFusion Security Holes - Best Practices

> From: Mark A Kruger [mailto:[EMAIL PROTECTED]
> From a security standpoint there is the address of the server
> via DNS (easily obtained) and then there is the address of
> the server as it exists on the internal network or DMZ of the
> host. Depending on the network setup this may be quite
> different and in certain instances can be valuable to a
> malicious programmer.

And there are always the people who have CF on a separate server than the web server....

