[19786] in bugtraq
Re: SurfControl Bypass Vulnerability
daemon@ATHENA.MIT.EDU (skelly)
Thu Mar 22 17:41:32 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <001001c0b255$588ca330$430115ac@cpicorp.com>
Date: Wed, 21 Mar 2001 16:21:59 -0600
Reply-To: skelly <skelly@CENTRICS-TECHNOLOGY.COM>
From: skelly <skelly@CENTRICS-TECHNOLOGY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <47795B4647CAD111BE4000805F19303A027634D8@wil-po02-priv>
As far as I know, this, or close variations on this (ie,
0yyy.0yyy.0yyy.0yyy, or turning the whole thing into binary, removing the
dots, and reconverting to decimal, hex, etc.) work on most, if not all web
censors/filters. Reference 2600, Vol 17, #3, Fall 2000 (www.2600.com), p43.
Sean Kelly
-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
Witter, Franklin
Sent: Tuesday, March 20, 2001 12:07 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: SurfControl Bypass Vulnerability
It appears that there is yet another way to bypass the site blocking feature
of SurfControl for MS Proxy.
Our configuration:
We have set up our rules to deny access to anyone attempting to reach sites
classified as Adult/Sexually Explicit, Hacking, etc.
That would mean that anyone trying to reach www.blockedsite.com would
normally be denied access to the site.
The workaround:
1. First, do an nslookup on www.blockedsite.com to get the IP address of
the site -- xxx.xxx.xxx.xxx
2. Next, convert each octet to an octal number using the windows calculator
-- yyy.yyy.yyy.yyy
3. Insert eight (8) leading zeros in the first and third octets and seven
(7) leading zeros in the second and fourth octets --
00000000yyy.0000000yyy.00000000yyy.0000000yyy
4. Type the modified octets into your browser's address bar and, viola!,
your are successfully bypassing the SurfControl filter.
I have contacted SurfControl about this but have had no response.
If anyone has any suggestions for correcting this vulnerability, please let
me know.
Franklin Witter
Network Security Specialist II
252-246-3546
fax: 252-246-3463
e-mail: FWitter@BBandT.com
