Hi David (Mnemonix?):

Your statement is true, if you use MSP's default HTTP filter.
However, I wonder if your attack would work if a more robust packet
filter was configured on the server, i.e., an incoming filter that
directs requests to port 80 on the server to port 80 on the designated
webserver's IP address. The default filter does not do any filtering
on the destination IP address / port, and allows incoming requests on
port 80 to reach any internal address/port combination (note: would be
difficult to do so with a "default" filter, as MSP does not know what
the destination IP address is until you actually configure web
publishing :-)).

I'm away from the office at the moment, so I can't confirm whether or
not the more robust filter I proposed above would work.


Regards,
Brian Steele

-----Original Message-----
From: mnemonix <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, December 23, 1998 1:18 PM
Subject: Re: Let the Games Begin!


>Brian Steele wrote:
>>Mnemonix' version will work only under certain circumstances (no
>>packet filtering on a Proxy Server connected to the Internet? - duh!).
>
>Hi,
>I'd like to point out this is not the only circumstance when MS-Proxy 2
>(see http://www.infowar.co.uk/mnemonix/proxy.htm ) is vulnerable.
>
>You can have packet filtering enabled but if you use the underlying
>Internet Information Server to publish web pages to the Internet you
>must allow incoming HTTP requests over TCP port 80. You can block all
>other incoming and still be broken into if you allow this traffic to
>reach the Proxy.
>
>Cheers,
>David Litchfield

