Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Fri, 23 Mar 2001 09:55:08 +1100
In some mail from Chris St. Clair, sie said:
> Another way to bypass other URL filtering software is to convert the IP octets into hex using 0xnnn representation. I've been working with other vendors for a fix on this and will be posting a more detailed followup regarding the software I've been testing as soon as the various vendors provide fixes.
>
> As for an interim fix, it depends on the software and how flexible it is. Some will let you block certain regex's, some won't. If it does support regex's, the actual regex will depend on the different combinations you can use to represent the IP octets. For example, a combination of hex, octal, and regular decimal:
>
> 0xc0.168.000000001.1
>
> Coming up with an effective regex to match that might be tough.
See, that's the wrong approach to take, IMHO. Whatever software is doing that should be converting the "hostname" into something it can match. A small amount of translation never goes astray. When that is done, everything is either a hostname or a dotted-quad string and life is much easier.

Darren
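The translation step suggested in the reply above, sketched as an added example that is not part of the original post or any vendor's code: a filter canonicalizes the host before matching, so every numeric spelling collapses to one dotted-quad string. It goes slightly beyond the thread by also handling the one- to three-part numeric forms that `inet_aton`-style parsers accept; the names `canonical_host` and `is_blocked` are hypothetical.

```python
import re

# One numeric component as inet_aton-style parsers read it:
# 0x prefix = hex, leading 0 = octal, otherwise decimal.
_PART = re.compile(r"^(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(text):
    """Return the integer value of one component, or None if it is not numeric."""
    if not _PART.match(text):
        return None
    if text.startswith("0x"):
        return int(text[2:], 16)
    if text.startswith("0"):
        return int(text, 8)  # covers "0" and padded forms like "000000001"
    return int(text, 10)


def canonical_host(host):
    """Return a dotted-quad string for numeric hosts, else the lowercased hostname."""
    host = host.strip().rstrip(".").lower()
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return host
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return host  # not purely numeric: match it as a hostname
    # Leading parts are one byte each; the last part fills the remaining bytes.
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return host  # out of range: not a valid address, left as a name
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_blocked(host, blocklist):
    """Compare canonical forms, so one blocklist entry covers every spelling."""
    return canonical_host(host) in {canonical_host(entry) for entry in blocklist}


if __name__ == "__main__":
    # Constructed sample inputs; the first is the mixed form quoted in the thread.
    for sample in ("0xc0.168.000000001.1", "0300.0250.1.1", "Example.COM"):
        print(sample, "->", canonical_host(sample))
```

With this in front of the match, the blocklist needs only the plain dotted-quad entry and no regex over encodings.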