[21155] in bugtraq
SurfControl Internet Monitoring/Blocking
daemon@ATHENA.MIT.EDU (ndesai01@tampabay.rr.com)
Fri Jun 22 19:32:02 2001
Date: 18 Jun 2001 23:49:34 -0000
Message-ID: <20010618234934.27318.qmail@securityfocus.com>
From: <ndesai01@tampabay.rr.com>
To: bugtraq@securityfocus.com
I have been working with the people of SurfControl for
a couple of weeks now and all they say is that they
will submit it as a bug in the software and try to get
a fix out in the next couple of months. So here goes….
You can bypass the software by using a proxy server
before your traffic is looked at by SurfControl Super
Scout. After talking with the people at SurfControl it
has become apparent that you may bypass all of their
software that is meant for Internet monitoring. I have
not been able to test it though. They only look at
packets that have the HTTP GET request and "Host:"
information in it. If you split up the request so that
the HTTP GET request is not in the same packet as
the "Host:" information then you will bypass the
software.
You can easily do this by using a proxy server before
you get to the node that is doing the Internet
monitoring. If you have Compaq PC's or servers that
are not patched you can proxy off the Insite Manager
software
(http://www.compaq.com/support/files/server/us/download/9609.html).
If you have PERL installed you can
use RFProxy, HTTPush or Pudding. These programs
were intended for the testing of IDS evasion
techniques but work wonders for Internet
monitoring/blocking evasion.
Neil
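
The inspection gap described in the post, as an added example that is not part of the original message and is not SurfControl's code: a matcher that checks each packet in isolation next to one that reassembles the stream before checking. The request bytes, the blocklist entry and all function names are constructed for illustration.

```python
import re

# Constructed sample data: one HTTP request and a one-entry blocklist.
BLOCKED = {b"blocked.example"}
REQUEST = (b"GET /index.html HTTP/1.1\r\n"
           b"Host: blocked.example\r\nConnection: close\r\n\r\n")
CUT = REQUEST.index(b"Host:")
ONE_SEGMENT = [REQUEST]
TWO_SEGMENTS = [REQUEST[:CUT], REQUEST[CUT:]]  # GET line and Host: arrive separately

HOST_RE = re.compile(rb"^Host:[ \t]*([^\r\n]+)", re.I | re.M)

def verdict(data):
    """Block only when data holds both a GET request line and a blocked Host."""
    m = HOST_RE.search(data)
    if not (data.startswith(b"GET ") and m):
        return "allow"
    host = m.group(1).strip().lower().split(b":")[0]  # drop optional port
    return "block" if host in BLOCKED else "allow"

def per_packet_filter(segments):
    """Inspects each segment in isolation, as the post describes."""
    return "block" if any(verdict(s) == "block" for s in segments) else "allow"

def reassembling_filter(segments, max_header=8192):
    """Buffers the stream up to the end of the headers, then inspects once."""
    buf = b""
    for seg in segments:
        buf += seg
        if b"\r\n\r\n" in buf:
            break
        if len(buf) > max_header:
            return "block"  # fail closed on oversized or unterminated headers
    return verdict(buf.split(b"\r\n\r\n", 1)[0])

if __name__ == "__main__":
    for name, segs in (("one segment", ONE_SEGMENT), ("two segments", TWO_SEGMENTS)):
        print(name, per_packet_filter(segs), reassembling_filter(segs))
```

The per-packet check misses the two-segment delivery while the reassembling check reaches the same verdict for both, which is why filtering decisions belong on the reassembled stream (or on an explicit proxy that terminates the connection) rather than on individual packets.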