[19779] in bugtraq
Re: SurfControl Bypass Vulnerability
daemon@ATHENA.MIT.EDU (Chris St. Clair)
Thu Mar 22 16:10:57 2001
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F20yY0QUUBPcZi71mrv00008c2d@hotmail.com>
Date: Thu, 22 Mar 2001 15:18:15 -0000
Reply-To: "Chris St. Clair" <chris_stclair@HOTMAIL.COM>
From: "Chris St. Clair" <chris_stclair@HOTMAIL.COM>
X-To: FWitter@BBANDT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Another way to bypass other URL filtering software is to convert
the IP octets into hex using 0xnnn representation. I've been working
with other vendors for a fix on this and will be posting a more
detailed followup regarding the software I've been testing as soon
as the various vendors provide fixes.
As for an interim fix, it depends on the software and how flexible
it is. Some will let you block certain regex's, some won't. If it
does support regex's, the actual regex will depend on the different
combinations you can use to represent the IP octets. For example,
a combination of hex, octal, and regular decimal:
0xc0.168.000000001.1
Coming up with an effective regex to match that might be tough.
-chris
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
