[19792] in bugtraq
Re: SurfControl Bypass Vulnerability
daemon@ATHENA.MIT.EDU (Andrew Moran)
Fri Mar 23 05:00:08 2001
Message-ID: <200103230307.OAA00815@flood.nomad.net.au>
Date: Fri, 23 Mar 2001 14:07:23 +1100
Reply-To: Andrew Moran <amoran@NOMAD.NET.AU>
From: Andrew Moran <amoran@NOMAD.NET.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Thu, 22 Mar 2001 15:18:15 -0000."
<F20yY0QUUBPcZi71mrv00008c2d@hotmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
>
> As for an interim fix, it depends on the software and how flexible
> it is. Some will let you block certain regex's, some won't. If it
> does support regex's, the actual regex will depend on the different
> combinations you can use to represent the IP octets. For example,
> a combination of hex, octal, and regular decimal:
> 0xc0.168.000000001.1
>
> Coming up with an effective regex to match that might be tough.
>
> -chris
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
I'm using Squid 2.3.STABLE3 for URL filtering and this workaround doesn't seem
to work.
*I think* Squid treats it as a hostname (because it isn't in the
xxx.xxx.xxx.xxx format?) and thus cannot resolve it, producing a DNS error.
I tried www.sex.com (209.81.7.21), which is blocked, and Squid returns:
- -----------------
While trying to retrieve the URL: http://00000000321.0000000121.000000007.00000
00025/
The following error was encountered:
Unable to determine IP address from host name for
00000000321.0000000121.000000007.0000000025
The dnsserver returned:
Name Error: The domain name does not exist.
- ------------------
This is access.log:
985316877.011 4 172.28.5.237 TCP_MISS/503 1269 GET
http://00000000321.0000000121.000000007.0000000025/ -
DIRECT/00000000321.0000000121.000000007.0000000025 -
And yes, the octal string works with nslookup
-Andrew.
- --
Andrew Moran
Internetworking/UNIX Systems Engineer
Nomad Telecommunications
mailto:amoran@nomad.net.au
Ph: +61 3 9520 7825
Fx: +61 3 9520 7851
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Exmh version 2.1.1 10/15/1999 (debian)
iD8DBQE6ur3rD62KcsHh/L0RAk/iAKCOYejhuWisLW32tJam4PAdg7PKiwCgl0nl
uhMlO+1dMOYsLpsrgquD0mE=
=3dMa
-----END PGP SIGNATURE-----
