Security Vulnerability Report


Thank you for the note.  I find it interesting that Netcraft
the load balancing system used.  I would not however consider this a
vulnerability.  There are quite a few tools out there that allow
to gather information about the type of device/OS that they are
connecting to/through.  Some of these "fingerprinting" methods include
throwing different types of ICMP packets at the device/OS and matching
the response to a database of expected responses and associated

I will however pass this along to the MSN group for their information
and action if necessary.

Kind regards,

Manufacturer and model of your computer:

Have you installed any additional hardware on the system?

Have you installed any operating system security patches?
Don't Know


What product are you reporting a security vulnerability in?
Product Name:
Product Version:

Have you installed any service packs for the product?:
Don't Know

Have you installed any security patches for the product?:
Don't Know


Please describe the flaw in the product:
The following deals with an issue about the operation of MSN servers
instead of a product.  Your security vulnerability form from the
Microsoft Security Centre makes the assumption that the product sits on
a consumer's machine.  This message is about how the MSN servers may
be configured and a possible security issue related to those servers.  One
of my friends was having difficulty connecting to MSN instant messenger
games servers so I did a little research to see if I could advise my
friend on the best course of action to fix the problem.  I researched
the MSN gaming zone server using a network technology server webpage
that is called Netcraft.  Netcraft offers company name specific
by web address which in turn lists web servers along with the software
and operating system in use.

Is the flaw present in the product in the default configuration?

Please tell us how to duplicate the problem in our laboratory:
Contact Me for a Program.

Please describe how someone might mount an attack via the flaw:

The feature I used on the Netcraft web page is called "What is that
running?"  The specific address I queried on Netcraft was
and the information it provided is shown below: was running Microsoft-IIS on F5 Big-IP when last
queried at 20-May-2006 04:55:34 GMT

OS                   Server             Last changed  IP address  Netblock Owner
F5 Big-IP            Microsoft-IIS/6.0  30-Mar-2006
unknown              Microsoft-IIS/6.0  2-Feb-2006                Microsoft
unknown              Microsoft-IIS/6.0  21-May-2005               Microsoft
unknown              unknown            20-May-2005               Microsoft Corp
unknown              Microsoft-IIS/6.0  17-Jan-2005               Microsoft
unknown              Microsoft-IIS/6.0  17-Jan-2005               Microsoft
Windows Server 2003  Microsoft-IIS/6.0  16-Jan-2005               Microsoft Corp
unknown              Microsoft-IIS/6.0  15-Jan-2005               Microsoft
Windows Server 2003  Microsoft-IIS/6.0  14-Jan-2005               Microsoft Corp
unknown              Microsoft-IIS/6.0  24-Nov-2004               Microsoft
The very first entry in the list shows the operating system as F5
Big-IP.  Because I had never seen that before I did a search.  I found
the company F5 of which Microsoft is a client.  In F5's product
I found the mentioned product was a load balancer.  I am not an IT
professional, I am just an ultra-geek, but most load balancers I have
seen don't identify themselves at all - only the web servers are
identified.  I do not understand fully, nor should I, how your server
network is set up.  However, since I was able to research the product
simply by running a web search, I think this could open you up to
vulnerabilities which would not be very good.  If this is a glitch,
sure it is invisible and if not, congratulations on the new
installation.  Theoretically, if a person knew what brand and model of
load balancer a major web page was using, they could research to see if
any vulnerabilities had been found with that load balancer.
Hypothetically, if they had the skill or a program was available to do
it for them, they could either disrupt or access restricted areas of a
web page.

Please describe what the result of a successful attack would be:

The MSN gaming service would most likely not be available.

Please provide any additional information that might be helpful in
investigating this issue:

The new load balancer first showed up on Mar. 30/06 as specified in the
Netcraft information.
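
Added example, not part of either message above: a site operator can audit what their own responses disclose by applying the "match the response against a database of expected responses" idea from the reply to HTTP response headers. The signature table is a small illustrative set chosen for this example (not Netcraft's database), and both sample responses are constructed.

```python
import re

# Illustrative signatures (assumption of this example): header, pattern, disclosure.
SIGNATURES = [
    ("server", re.compile(r"^Microsoft-IIS/([\d.]+)", re.I),
     "web server: Microsoft-IIS {0}"),
    ("server", re.compile(r"^big-?ip", re.I), "load balancer: F5 BIG-IP"),
    ("set-cookie", re.compile(r"^BIGipServer[^=]*=", re.I),
     "load balancer: F5 BIG-IP (default persistence cookie name)"),
    ("x-powered-by", re.compile(r"^(.+)$"), "application framework: {0}"),
]

# Constructed sample responses: one that identifies its stack, one that does not.
SAMPLE_EXPOSED = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: Microsoft-IIS/6.0",
    "X-Powered-By: ASP.NET",
    "Set-Cookie: BIGipServerexample_pool=0000000000.00000.0000; path=/",
    "", "",
])
SAMPLE_QUIET = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: session=abc123; path=/; HttpOnly",
    "", "",
])

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    headers = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def audit(raw):
    """List what the response headers disclose, in header order, de-duplicated."""
    findings = []
    for name, value in parse_headers(raw):
        for sig_name, pattern, label in SIGNATURES:
            match = pattern.search(value) if name == sig_name else None
            if match:
                finding = label.format(*match.groups())
                if finding not in findings:
                    findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPOSED):
        print(finding)
```

An empty result only means none of these signatures matched; it does not show that a device cannot be identified by other signals.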
