Topic: X-Forwarded-For headers non-interpretation in IDP log

poc
X-Forwarded-For headers non-interpretation in IDP log
« on: March 16, 2012, 06:00:24 am »
Hi everyone,

We are trying to interpret, analyze and make correlations from some of the IDP events generated by SRX-3400 and SRX-650 devices. But we cannot achieve what we need because in some HTTP alerts the source IP address is from Akamai (http://www.akamai.com/) and not from the attacker.

In deeper analysis we can trace back the attacker's IP address from the binary logs, including the packet trace, by looking at the X-Forwarded-For HTTP headers. But with this approach we cannot define proper actions at IDP level.

Also, as far as we know, the SRX-650 series doesn't support packet traces, so we are blind here and can't trace the real source of the attacks we are receiving.

Are we missing something, or is it not possible to interpret the X-Forwarded-For headers directly?

Any guidance or information will be much appreciated, thank you in advance and have a nice day!
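The workaround described in the post, recovering the real client from the X-Forwarded-For header in the captured HTTP request, can be automated for log correlation. The following is an added example written for this thread; it is not code from the poster, from Juniper, or from Akamai. It assumes the alert's logged source IP and the raw request from the packet trace are available as strings. The trusted-proxy range 203.0.113.0/24 is a placeholder (a documentation range), not Akamai's real address space, and the sample events are constructed. The important point for enrichment is that X-Forwarded-For is appended by each proxy but its left-hand entries are whatever the client sent, so the only entry that can be attributed is the first untrusted address walking from the right, and only when the peer that delivered the request is itself a trusted proxy.

```python
import ipaddress

# Placeholder for the CDN/reverse-proxy ranges you actually trust (constructed, not Akamai's).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _parse_ip(text):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _is_trusted(ip_text, trusted):
    addr = _parse_ip(ip_text)
    return addr is not None and any(addr in net for net in trusted)


def parse_xff(header_value):
    """Split an X-Forwarded-For value into its comma-separated hops (leftmost = claimed client)."""
    return [hop.strip() for hop in header_value.split(",") if hop.strip()]


def client_ip_from_xff(peer_ip, xff_value, trusted=TRUSTED_PROXIES):
    """Best attributable client address for an alert.

    peer_ip   : source address as logged by the IDP (the TCP peer).
    xff_value : X-Forwarded-For header from the captured request, or None.

    Walk the header from the right, skipping hops that are our trusted proxies.
    The first untrusted hop is the address a trusted proxy saw as its client.
    Anything further left was supplied by the client and is ignored.
    """
    if not _is_trusted(peer_ip, trusted):
        # Request did not arrive via a trusted proxy: the header is client-controlled, ignore it.
        return peer_ip
    for hop in reversed(parse_xff(xff_value or "")):
        addr = _parse_ip(hop)
        if addr is None:
            return None  # malformed entry where a real address should be; refuse to attribute
        if not any(addr in net for net in trusted):
            return hop
    # Header absent or every hop was one of our proxies: fall back to the peer.
    return peer_ip


def extract_header(raw_request, name):
    """Return the value of a header from a raw HTTP request; repeated headers are joined with commas."""
    values = []
    for line in raw_request.split("\r\n")[1:]:
        if line == "":
            break  # end of headers
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            values.append(value.strip())
    return ", ".join(values) if values else None


def enrich(events, trusted=TRUSTED_PROXIES):
    """Attach xff and attributed client fields to (logged_src, raw_request) pairs."""
    out = []
    for peer, raw in events:
        xff = extract_header(raw, "X-Forwarded-For")
        out.append({"logged_src": peer, "xff": xff,
                    "client": client_ip_from_xff(peer, xff, trusted)})
    return out


# Constructed sample events: (source IP as logged by the IDP, HTTP request from the packet trace).
SAMPLE_EVENTS = [
    ("203.0.113.10", "GET /search?q=test HTTP/1.1\r\nHost: www.example.com\r\n"
                     "X-Forwarded-For: 198.51.100.77, 203.0.113.10\r\n\r\n"),
    ("203.0.113.11", "GET /admin HTTP/1.1\r\nHost: www.example.com\r\n"
                     "X-Forwarded-For: 10.0.0.1, 198.51.100.78, 203.0.113.11\r\n\r\n"),
    # Direct connection: the header was not added by a proxy we trust, so it is ignored.
    ("192.0.2.5", "GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Forwarded-For: 8.8.8.8\r\n\r\n"),
    # Garbage where the client address should be: do not attribute.
    ("203.0.113.12", "GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                     "X-Forwarded-For: not-an-ip, 203.0.113.12\r\n\r\n"),
]

if __name__ == "__main__":
    for row in enrich(SAMPLE_EVENTS):
        print(row)
```

The second sample shows why the walk runs from the right: 10.0.0.1 sits left of the attributable hop and could be anything the client chose to send, so a rule that simply takes the leftmost entry would let a client redirect blame. The third sample shows the other side of the same coin: when the logged source is not a trusted proxy, an X-Forwarded-For header must not override it, or the log correlation itself becomes spoofable.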