[24386] in bugtraq


RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint

daemon@ATHENA.MIT.EDU (Peter Bieringer)
Fri Feb 22 21:24:27 2002

Date: Fri, 22 Feb 2002 19:23:07 +0100
From: Peter Bieringer <pb@bieringer.de>
To: "Proescholdt, timo" <Timo.Proescholdt@brk-muenchen.de>,
        bugtraq@securityfocus.com
Cc: "'Steve VanDevender'" <stevev@hexadecimal.uoregon.edu>
Message-ID: <12440000.1014402187@localhost>
In-Reply-To: <410B51F29EA8D3118EE400508B44AE2B3C6FCD@rz-nt-mail.brk-muenchen.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="==========1818399384=========="

--==========1818399384==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,

sure this reply is also not posted on bugtraq :-(

but perhaps interesting for someone...

--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt,
timo" <Timo.Proescholdt@brk-muenchen.de> wrote:

>
>> It's not just Checkpoint Firewall that has a problem with HTTP
>> CONNECT.
>>
>> From what I can tell default installations of the CacheFlow web
>> proxy software, some Squid installations, some Apache
>> installations with proxying enabled, and some other web proxy
>> installations I haven't identified allow anyone to use the HTTP
>> CONNECT method.  This is being
> 
> Finjan-SurfinGate/4.0 (NT) is "vulnerable", Trend Micro Interscan
> Viruswall (3.51) (NT) as well. Both do not seem to have a
> configuration switch to change this behaviour.

I have confirmed today also 
Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182

and found two interesting points, too:

1) if used also for SMTP, a firewall cannot block CONNECT to port 25
anymore. Solution: split installation to different machines (TM
license allows this).

2) Looks like content transported over CONNECT isn't scanned anymore,
therefore malicious code can be transported.

See also
http://www.aerasec.de/security/index.html?lang=en&id=ae-200202-051

They published some hints on how to test and had set up web servers on
ports 444 and 44444 containing the eicar.com file for checks.

        Peter Bieringer

--==========1818399384==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit


--==========1818399384==========--
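
A defensive check for the behaviour discussed in this message, as an added example that is not part of the original post: it scans proxy access-log lines for CONNECT tunnels to ports other than 443, such as the port 25 case above. The Squid native access.log layout, the allowed-port set, the function names and the sample lines are assumptions constructed for illustration.

```python
# Added example (not from the original post): flag CONNECT tunnels to
# unexpected ports in proxy logs. Assumes Squid's native access.log layout.
from collections import Counter

ALLOWED_CONNECT_PORTS = {443}  # assumption: only HTTPS tunnels are expected

# Constructed sample lines (documentation addresses and example hostnames).
SAMPLE_LOG = """\
1014402187.101 312 192.0.2.10 TCP_MISS/200 4521 CONNECT shop.example.com:443 - DIRECT/198.51.100.7 -
1014402190.440 95 203.0.113.50 TCP_MISS/200 880 CONNECT mail.example.net:25 - DIRECT/198.51.100.25 -
1014402191.002 41 192.0.2.10 TCP_MISS/200 1033 GET http://www.example.org/ - DIRECT/198.51.100.9 text/html
1014402195.310 2 203.0.113.50 TCP_DENIED/403 1210 CONNECT mail.example.net:25 - NONE/- text/html
1014402199.777 150 192.0.2.23 TCP_MISS/200 68 CONNECT files.example.org:444 - DIRECT/198.51.100.44 -
"""

def parse_connect(line):
    """Return (client, host, port, http_status) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    host, sep, port = fields[6].rpartition(":")  # CONNECT target is host:port
    if not sep or not port.isdigit():
        return None
    return fields[2], host, int(port), fields[3].partition("/")[2]

def suspicious_tunnels(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """List CONNECT requests whose target port is outside the allowed set."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue
        client, host, port, status = entry
        if port not in allowed:
            findings.append({
                "client": client, "host": host, "port": port,
                # 2xx means the tunnel was opened and carried opaque bytes
                "established": status.startswith("2"),
            })
    return findings

def clients_by_hits(findings):
    """Count flagged requests per client address, most active first."""
    return Counter(f["client"] for f in findings).most_common()

if __name__ == "__main__":
    for f in suspicious_tunnels(SAMPLE_LOG):
        state = "OPENED" if f["established"] else "denied"
        print(f'{f["client"]} -> {f["host"]}:{f["port"]} {state}')
```

Entries marked as opened are the ones to review first, since the proxy relayed that traffic without inspecting it.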

