[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!

To: morning_wood <se_cur_ity@hotmail.com>
Subject: Re: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
From: Jordan Wiens <jwiens@nersp.nerdc.ufl.edu>
Date: Sun, 24 Aug 2003 17:47:53 -0400 (EDT)

fyi, the googleproxy will only proxy html, not images or other files.  So
for example, checking my logs after testing the proxy produces:

216.239.39.5 - - [24/Aug/2003:17:40:50 -0400] "GET / HTTP/1.0" 200 1556 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401,gzip(gfe) (via translate.google.com)"
my.re.al.ip - - [24/Aug/2003:17:40:50 -0400] "GET /style.css HTTP/1.1" 200 796 "http://216.239.39.104/translate_c?hl=en&u=http://psifertex.com/&prev=http://translate.google.com/language_tools"; "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401"
my.re.al.ip - - [24/Aug/2003:17:40:50 -0400] "GET /images/psifertex.jpg HTTP/1.1" 200 7264 "http://216.239.39.104/translate_c?hl=en&u=http://psifertex.com/&prev=http://translate.google.com/language_tools"; "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401"

Plus, google does pass along X-Forwarded-For headers:

GET / HTTP/1.0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401,gzip(gfe) (via translate.google.com)
Accept-Language: en
Accept-Charset: utf-8,*
Accept: text/html, text/plain, */*
Via: 1.0 translate.google.com (TWS/0.9), 1.0 proxy.google.com:80 (Squid/2.3.STABLE4)
X-Forwarded-For: my.re.al.ip, unknown
Host: psifertex.nerdc.ufl.edu
Cache-Control: max-age=259200
Connection: keep-alive

Interesting that they're using squid for their translation.

-- 
Jordan Wiens, CISSP
UF Network Incident Response Team
(352)392-2061

On Sat, 23 Aug 2003, morning_wood wrote:

> Messagei kinda discoverd google's use as a proxy simply by doing
> http://translate.google.com/translate?u=http%3A%2F%2Fwhatismyip.com
>
> and is essentally the basis of http://exploit.wox.org/tools/googleproxy.html
>
>
> Donnie Werner
> Chief Technical Officer
> E2 Labs Information Security Pvt. Ltd.
>
> http://e2-labs.com
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
  - From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>
- Re: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
  - From: "morning_wood" <se_cur_ity@hotmail.com>

Prev by Date: Re: [Full-Disclosure] Strange packets - OFFTOPIC
Next by Date: [Full-Disclosure] Miatrade Guestbook - Persistant XSS
Prev by thread: Re: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
Next by thread: R: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!
Index(es):
- Date
- Thread