[27643] in bugtraq
Bypassing website filter in SonicWall
daemon@ATHENA.MIT.EDU (Marc Ruef)
Tue Oct 29 18:09:07 2002
Message-ID: <3DBEE338.9CA1497@computec.ch>
Date: Tue, 29 Oct 2002 20:36:24 +0100
From: Marc Ruef <marc.ruef@computec.ch>
MIME-Version: 1.0
To: bugtraq@securityfocus.com, news@securiteam.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi!
I found a little weakness in SonicWall: I turn on the blocking
mechanism for websites (e.g. www.google.com). Now I can't reach
the website using the domainname. But if I choose the IP address of the
host (e.g. http://216.239.53.101/), I can contact the forbidden
website. The same issue I've discovered for NetGear FM114P in
http://online.securityfocus.com/bid/5667
It would make sense if you can do an internal nslookup. Otherwise the
user can do a workaround and adding always the ip address(es) of the
blocked websites. But this can cause some problems if there were some
virtual hostings. A smart attacker can use some dottless-ips to bypass
the new workaround IP filter. The box will sadly loose performance
because of the additional filter line(s).
My description was sent on 02/10/15 to info@sonicwall.com - No response
came back. The blocking URL message style and problem reminds my the
website blocking mechanism by NetGears FM114P. It could be that both
use the same mechanism (by a 3rd party?). So, if the bug is fixed for
one box the other will also be fixed - I think so.
Bye, Marc
--
Computer, Technik und Security
http://www.computec.ch
