[19776] in bugtraq


Re: SurfControl Bypass Vulnerability

daemon@ATHENA.MIT.EDU (Don Weber)
Thu Mar 22 15:06:01 2001

Message-ID:  <BAEBKBIMJFMJDDHPLBHKAEIKDGAA.Don@AirLink.com>
Date:         Wed, 21 Mar 2001 14:42:06 -0800
Reply-To: Don Weber <Don@AIRLINK.COM>
From: Don Weber <Don@AIRLINK.COM>
X-To:         "Witter, Franklin" <FWitter@BBANDT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <47795B4647CAD111BE4000805F19303A027634D8@wil-po02-priv>

Is this with a particular version? I tried it and, as usual, it lets me
'bypass' the first time but not on any subsequent attempts, and if I use the
octal format on one computer, a second or any subsequent computer will
NOT get to the site.


-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM] On Behalf Of
Witter, Franklin
Sent: Tuesday, March 20, 2001 10:07 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: SurfControl Bypass Vulnerability


It appears that there is yet another way to bypass the site blocking feature
of SurfControl for MS Proxy.

Our configuration:

We have set up our rules to deny access to anyone attempting to reach sites
classified as Adult/Sexually Explicit, Hacking, etc.
That would mean that anyone trying to reach www.blockedsite.com would
normally be denied access to the site.

The workaround:

1.  First, do an nslookup on www.blockedsite.com to get the IP address of
the site -- xxx.xxx.xxx.xxx
2.  Next, convert each octet to an octal number using the Windows calculator
-- yyy.yyy.yyy.yyy
3.  Insert eight (8) leading zeros in the first and third octets and seven
(7) leading zeros in the second and fourth octets --
00000000yyy.0000000yyy.00000000yyy.0000000yyy
4.  Type the modified octets into your browser's address bar and, voila!,
you are successfully bypassing the SurfControl filter.

I have contacted SurfControl about this but have had no response.

If anyone has any suggestions for correcting this vulnerability, please let
me know.

Franklin Witter
Network Security Specialist II
252-246-3546
fax:  252-246-3463
e-mail:  FWitter@BBandT.com
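A canonicalization check of the kind Franklin asks for, added here as an example; it is not part of either posting nor of SurfControl's product. It folds every inet_aton-style spelling of an IPv4 address (dotted octal with any number of leading zeros, as in step 3, plus hex and fewer-than-four-component forms, going beyond the single case above) back to dotted decimal before the block list is consulted, so the filter compares addresses rather than the raw string typed into the browser. The host names and addresses in it are constructed placeholders.

```python
import re
from typing import Optional

# Constructed placeholders standing in for www.blockedsite.com / xxx.xxx.xxx.xxx.
BLOCKED_HOSTS = {"www.blockedsite.com"}
BLOCKED_IPS = {"10.20.30.40"}

def _parse_part(part: str) -> int:
    """Parse one dotted component by inet_aton's rules: 0x.. is hex,
    a leading 0 (however many) is octal, anything else is decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]*", part):      # "00000000012" is still octal 12 = 10
        return int(part, 8)
    if re.fullmatch(r"[1-9][0-9]*", part):
        return int(part, 10)
    raise ValueError(f"not a numeric component: {part!r}")   # e.g. "08", "www"

def canonical_ipv4(host: str) -> Optional[str]:
    """Return dotted-decimal form if host is any inet_aton-style IPv4 spelling, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # With fewer than four parts, the last part fills the remaining bytes (inet_aton rule).
    *head, tail = values
    if any(v > 255 for v in head):
        return None
    tail_bytes = 4 - len(head)
    if tail >= 1 << (8 * tail_bytes):
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    n = (n << (8 * tail_bytes)) | tail
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def is_blocked(host: str) -> bool:
    """Filter decision made on the canonical address, not on the raw URL host string."""
    host = host.strip().lower()
    if host in BLOCKED_HOSTS:
        return True
    ip = canonical_ipv4(host)
    return ip is not None and ip in BLOCKED_IPS
```

A filter that also resolves blocked host names and keeps their addresses in the block list closes the plain dotted-decimal route as well, which this snippet only models with a static set.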
