I can think of some reasons why it will not work at all. (The use of 100s of individual scripts by nessus for one.)If we restrict this to plugins that use the HTTP keep-alive interface we should be able to avoid changing individual scripts.
I think it would be nice if you (or someone else) can establish that this is in fact a standard way that will work on any IIS cluster.The Machine: header - no this will not work on all clusters. In fact I'm going to recommend to the client they drop it, so shortly it won't even work on this cluster. But you can identify the back-end machines other ways. The ipid field is one; another is to use any private IP address leakage flaw.
Paul
-- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: [EMAIL PROTECTED] web: www.westpoint.ltd.uk
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
