[19853] in bugtraq
Re: SurfControl Bypass Vulnerability
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Tue Mar 27 02:44:49 2001
Message-ID: <200103261900.f2QJ0IA14884@foo-bar-baz.cc.vt.edu>
Date: Mon, 26 Mar 2001 14:00:18 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: Ben Ford <bford@ERISKSECURITY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Mon, 26 Mar 2001 06:01:48 PST." <3ABF4BCC.2030001@erisksecurity.com>
On Mon, 26 Mar 2001 06:01:48 PST, Ben Ford <bford@ERISKSECURITY.COM> said:
> The idea of IP based penetration is also flawed, in that you'd get the
> default domain of the box anyways. Unless that default domain has an
> index page to give you a choice of virtual hosts (and many/most don't),
> you wouldn't be able to access the desired http://www.juicysex.com anyways.
Unless of course you find a way to get the Host: header set the way you
want, and the blocking software is only looking at the GET/POST/whatever
query.
Note that this may depend on the exact particulars of how the filter is
implemented, and may not be possible on a "standard" browser/filter
combination. But it's *not* safe to assume that "they can't get there
because there's no index page". That's just security-through-obscurity.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
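The point above, as an added example that is not part of the original post: a filter that keys only on the request target misses a request whose Host: header selects the virtual host, while a filter that derives the hostname the origin server will actually use (absolute-URI in the request line first, otherwise Host:) catches it. The blocklist, the sample requests and the 192.0.2.10 address are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample blocklist; the domain is the one named in the thread.
BLOCKED_HOSTS = {"www.juicysex.com"}


def parse_request(raw: bytes):
    """Split a raw HTTP request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def naive_filter_blocks(raw: bytes) -> bool:
    """Weak check: looks only at the GET/POST target, as the post describes."""
    _, target, _ = parse_request(raw)
    host = urlsplit(target).hostname or ""
    return host in BLOCKED_HOSTS


def effective_host(raw: bytes) -> str:
    """Hostname the origin server will use to pick a virtual host.
    Per RFC 2616 section 5.2 an absolute-URI in the request line wins;
    otherwise the Host: header decides (port stripped)."""
    _, target, headers = parse_request(raw)
    host = urlsplit(target).hostname if "://" in target else None
    host = host or headers.get("host", "").split(":")[0]
    return host.lower()


def host_aware_filter_blocks(raw: bytes) -> bool:
    """Corrected check: decide on the effective hostname, not the target."""
    return effective_host(raw) in BLOCKED_HOSTS


# Constructed requests. PLAIN is an ordinary proxied visit. BY_IP is what the
# origin sees when the client connects to the shared server's address directly
# and the Host: header names the filtered vhost. PROXY_IP carries an absolute
# URI with a placeholder IP, so the server serves its default vhost instead.
PLAIN = b"GET http://www.juicysex.com/ HTTP/1.1\r\nHost: www.juicysex.com\r\n\r\n"
BY_IP = b"GET / HTTP/1.1\r\nHost: www.juicysex.com\r\n\r\n"
PROXY_IP = b"GET http://192.0.2.10/ HTTP/1.1\r\nHost: www.juicysex.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("PLAIN", PLAIN), ("BY_IP", BY_IP), ("PROXY_IP", PROXY_IP)):
        print(name, naive_filter_blocks(req), host_aware_filter_blocks(req))
```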