Hi Brian,
I'd agree with you completely - Proxy in itself is hardly the most secure
way to protect your network. With our (my company's) clients I'll advise
them to use a Firewall (e.g. FW-1) in conjunction with MSP. Proxy, IMO, is
good only for web-caching.

David Litchfield (Mnemonix)
-----Original Message-----
From: Brian Steele [SPICEISLE] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, December 23, 1998 10:32 PM
Subject: Re: Let the Games Begin!


>Hi David (Mnemonix?):
>
>Your statement is true, if you use MSP's default HTTP filter.
>However, I wonder if your attack would work if a more robust packet
>filter was configured on the server, i.e., an incoming filter that
>directs requests to port 80 on the server to port 80 on the designated
>webserver's IP address. The default filter does not do any filtering
>on the destination IP address / port, and allows incoming requests on
>port 80 to reach any internal address/port combination (note: would be
>difficult to do so with a "default" filter, as MSP does not know what
>the destination IP address is until you actually configure web
>publishing :-)).
>
>I'm away from the office at the moment, so I can't confirm whether or
>not the more robust filter I proposed above would work.
>
>
>Regards,
>Brian Steele
>
>-----Original Message-----
>From: mnemonix <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Date: Wednesday, December 23, 1998 1:18 PM
>Subject: Re: Let the Games Begin!
>
>
>>Brian Steele wrote:
>>>Mnemonix' version will work only under certain circumstances (no packet
>>>filtering on a Proxy Server connected to the Internet? - duh!).
>>
>>Hi,
>>I'd like to point out this is not the only circumstance when MS-Proxy 2 (see
>>http://www.infowar.co.uk/mnemonix/proxy.htm ) is vulnerable.
>>
>>You can have packet filtering enabled but if you use the underlying Internet
>>Information Server to publish web pages to the Internet you must allow
>>incoming HTTP requests over TCP port 80. You can block all other incoming
>>and still be broken into if you allow this traffic to reach the Proxy.
>>
>>Cheers,
>>David Litchfield
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>