[19814] in bugtraq
Re: SurfControl Bypass Vulnerability
daemon@ATHENA.MIT.EDU (Paul Cardon)
Fri Mar 23 16:33:09 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <3ABB7B2A.A9C5126@moquijo.com>
Date: Fri, 23 Mar 2001 11:34:50 -0500
Reply-To: paul@MOQUIJO.COM
From: Paul Cardon <paul@MOQUIJO.COM>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM

Darren Reed wrote:
>
> In some mail from Chris St. Clair, sie said:
> >
> > As for an interim fix, it depends on the software and how flexible
> > it is. Some will let you block certain regex's, some won't. If it
> > does support regex's, the actual regex will depend on the different
> > combinations you can use to represent the IP octets. For example,
> > a combination of hex, octal, and regular decimal:
> > 0xc0.168.000000001.1
> >
> > Coming up with an effective regex to match that might be tough.
>
> See, that's the wrong approach to take, IMHO.

Agreed.

> Whatever software is doing that should be converting the "hostname"
> into something it can match. A small amount of translation never
> goes astray. When that is done, everything is either a hostname or
> a dotted-quad string and life is much easier.

Chris and I recommended to the vendors that everything be translated to
a canonical form before matching (32-bit unsigned ints in network byte
order are tremendously unambiguous). However, the only mechanism many
of them have available in the meantime is regex matching of varying
sophistication. Uggh. :^p

-paul
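
The canonicalization recommended in this message, as an added example that is not part of the original post or of any vendor's code: every numeric spelling of a host is reduced to one 32-bit unsigned integer before it is compared with the block list. It assumes the BSD inet_aton conventions for numeric hosts (hex, octal or decimal parts, one to four of them); the function names and the block-list entry are hypothetical.

```python
import re

# One C-style number: 0x-prefixed hex, leading-zero octal, or plain decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def parse_part(text):
    """Return the value of one dotted part, or None if it is not a number."""
    if not _PART.fullmatch(text):
        return None
    if text[:2].lower() == "0x":
        return int(text, 16)
    if text.startswith("0"):
        return int(text, 8)
    return int(text, 10)


def canonical_ipv4(host):
    """Return a numeric IPv4 host as a 32-bit unsigned int, else None.

    None means "not an address literal": the caller treats it as a hostname.
    to_bytes(4, "big") on the result gives the network-byte-order form.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, last = values
    # Leading parts are single octets; the last part fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return addr


# Constructed block list, stored in canonical form.
BLOCKED = {canonical_ipv4("192.168.1.1")}


def is_blocked(host):
    """Match on the canonical integer, never on the string as typed."""
    addr = canonical_ipv4(host)
    return addr is not None and addr in BLOCKED
```

With this in place the mixed-radix string from the quoted message and the plain dotted quad compare equal, so the block list needs one entry per address rather than one regex per spelling.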