[19809] in bugtraq


Re: SurfControl Bypass Vulnerability

daemon@ATHENA.MIT.EDU (Riad S. Wahby)
Fri Mar 23 10:11:44 2001

Mail-Followup-To: "Chris St. Clair" <chris_stclair@HOTMAIL.COM>,
                  BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain
Content-Disposition: inline
Message-ID:  <20010322163459.B14209@positron.mit.edu>
Date:         Thu, 22 Mar 2001 16:34:59 -0500
Reply-To: "Riad S. Wahby" <rsw@MIT.EDU>
From: "Riad S. Wahby" <rsw@MIT.EDU>
X-To:         "Chris St. Clair" <chris_stclair@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <F20yY0QUUBPcZi71mrv00008c2d@hotmail.com>; from
              chris_stclair@HOTMAIL.COM on Thu, Mar 22, 2001 at 03:18:15PM -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Chris St. Clair" <chris_stclair@HOTMAIL.COM> wrote:
> 0xc0.168.000000001.1
>
> Coming up with an effective regex to match that might be tough.

Preposterous.  That the above is interpreted correctly by the browser
is proof that it can be interpreted by filtering software.

The problem here is that you are trying to filter the syntactic
representation instead of the semantic one, while the browser is able
to interpret the latter.  Clearly, if the browser has some way of
converting from 0xc0.160.0000000001.1 into 0xC0A00101, the filtering
software can do the same.

The filtering software, then, must have an internal representation of
sites to block by address that corresponds to the output of an
interpreter (i.e. a syntax->semantics converter) which is able to
convert addresses in the same way that the browser does.

- --
Riad Wahby
rsw@mit.edu
MIT VI-2/A 2002

5105
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6unADyORnZ6qsmZQRAnBPAJ9tcC0tTw4rvUAprmGh+Vix59DKygCfae5A
crqqbLihpYY2vXSI8E2HE2w=
=muK9
-----END PGP SIGNATURE-----
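
The approach described in the message above, sketched as an added example (not code from the original post or from any filtering product): convert every numeric host spelling to its 32-bit value before the blocklist lookup. It assumes the browser follows the classic BSD inet_aton() conventions (0x prefix is hex, leading 0 is octal, one to four parts); the names and the blocklist entry are constructed for illustration.

```python
# Added example: compare hosts by meaning (32-bit value), not by spelling.
# Assumption: the client parses numeric hosts the way BSD inet_aton() does.
DIGITS = {16: "0123456789abcdef", 8: "01234567", 10: "0123456789"}

def parse_part(text):
    """Parse one dot-separated component: 0x.. is hex, 0.. is octal, else decimal."""
    low = text.lower()
    if low.startswith("0x"):
        base, digits = 16, low[2:]
    elif low.startswith("0") and len(low) > 1:
        base, digits = 8, low[1:]
    else:
        base, digits = 10, low
    if not digits or any(c not in DIGITS[base] for c in digits):
        raise ValueError("not a numeric component: %r" % text)
    return int(digits, base)

def canonical_ipv4(host):
    """Return the 32-bit address for any inet_aton-style spelling of it."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("wrong number of components: %r" % host)
    nums = [parse_part(p) for p in parts]
    *head, tail = nums
    # The last component fills whatever bytes the leading ones leave over:
    # a.b.c.d -> 8 bits, a.b.c -> 16 bits, a.b -> 24 bits, a -> 32 bits.
    tail_bits = 8 * (5 - len(nums))
    if any(n > 0xFF for n in head) or tail >= 1 << tail_bits:
        raise ValueError("component out of range: %r" % host)
    value = tail
    for i, n in enumerate(head):
        value |= n << (24 - 8 * i)
    return value

# Constructed blocklist, stored in the semantic form (one entry: 192.168.1.1).
BLOCKED = {canonical_ipv4("192.168.1.1")}

def is_blocked(host, blocked=BLOCKED):
    """True if host is a numeric address, in any spelling, that is on the list."""
    try:
        return canonical_ipv4(host) in blocked
    except ValueError:
        return False  # not a numeric host; name-based rules are handled elsewhere

if __name__ == "__main__":
    for h in ("0xc0.168.000000001.1", "3232235777", "0300.0250.01.01", "192.168.257"):
        print(h, "->", hex(canonical_ipv4(h)), "blocked" if is_blocked(h) else "allowed")
```

A filter built this way only matches what the client actually connects to if its parser accepts exactly the same spellings as the client's, so the two should be tested against each other.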
