The idea of IP based penetration is also flawed, in that you'd get the
default domain of the box anyways. Unless that default domain has an
index page to give you a choice of virtual hosts (and many/most don't),
you wouldn't be able to access the desired http://www.juicysex.com anyways.
-b
On Mon, 26 Mar 2001 06:01:48 PST, Ben Ford [EMAIL PROTECTED] said:
The idea of IP based penetration is also flawed, in that you'd get the
default domain of the box anyways. Unless that default domain has an
index page to give you a choice of virtual hosts (and many/most don't),
you wouldn't
It seems to be that either the product itself is broken, or the underlying
library.
IMHO, content filtering does not relate to security; I choose to post on
this thread because it's obvious that the products are broken.
Disclaimer: I have not seen the source code for any
On Fri, 23 Mar 2001, Dan Harkless wrote:
A URL containing an IP address is not canonical for HTTP. HTTP 1.1 does
virtual hosting via the "Host:" header, so multiple distinct servers can be
on a single IP. If you restrict based on IP, you'll block access to both
http://www.juicysex.com/ and
Paul Cardon [EMAIL PROTECTED] writes:
Whatever software is doing that should be converting the "hostname"
into something it can match. A small amount of translation never
goes astray. When that is done, everything is either a hostname or
a dotted-quad string and life is much easier.
In some mail from Chris St. Clair, sie said:
Another way to bypass other URL filtering software is to convert
the IP octets into hex using 0xnnn representation. I've been working
with other vendors for a fix on this and will be posting a more
detailed followup regarding the software I've
As for an interim fix, it depends on the software and how flexible
it is. Some will let you block certain regex's, some won't. If it
does support regex's, the actual regex will depend on the different
Darren Reed wrote:
In some mail from Chris St. Clair, sie said:
As for an interim fix, it depends on the software and how flexible
it is. Some will let you block certain regex's, some won't. If it
does support regex's, the actual regex will depend on the different
combinations you can
]On Behalf Of
Witter, Franklin
Sent: Tuesday, March 20, 2001 12:07 PM
To: [EMAIL PROTECTED]
Subject: SurfControl Bypass Vulnerability
"Chris St. Clair" [EMAIL PROTECTED] writes:
0xc0.168.1.1
Coming up with an effective regex to match that might be tough.
Not really. Here's a Perl regexp that matches the general syntax:
/^(0x[\dA-F]+|\d+)(\.(0x[\dA-F]+|\d+)){3}$/i
Strings matching this regexp can be converted
: RE: SurfControl Bypass Vulnerability
Is this with a particular version? I tried it and as usual it lets me
'bypass' the first time but not any subsequent attempts, and if I use the
octal format on one computer, a second or any subsequent computers will
NOT get to the site.
-Original
-Original Message-
From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of
Witter, Franklin
Sent: Tuesday, March 20, 2001 12:07 PM
To: [EMAIL PROTECTED]
Subject: SurfControl Bypass Vulnerability
It appears that there is yet another way to bypass the site blocking feature
of SurfControl
Another way to bypass other URL filtering software is to convert
the IP octets into hex using 0xnnn representation. I've been working
with other vendors for a fix on this and will be posting a more
detailed followup regarding the software I've been testing as soon
as the various vendors provide
It appears that there is yet another way to bypass the site blocking feature
of SurfControl for MS Proxy.
Our configuration:
We have set up our rules to deny access to anyone attempting to reach sites
classified as Adult/Sexually Explicit, Hacking, etc.
That would mean that anyone trying to