Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: "Riad S. Wahby" <rsw () MIT EDU>
Date: Thu, 22 Mar 2001 16:34:59 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Chris St. Clair" <chris_stclair () HOTMAIL COM> wrote:
> 0xc0.168.000000001.1
>
> Coming up with an effective regex to match that might be tough.

Preposterous. That the above is interpreted correctly by the browser is proof that it can be interpreted by filtering software. The problem here is that you are trying to filter the syntactic representation instead of the semantic one, while the browser is able to interpret the latter.

Clearly, if the browser has some way of converting from 0xc0.160.0000000001.1 into 0xC0A00101, the filtering software can do the same.

The filtering software, then, must have an internal representation of sites to block by address that corresponds to the output of an interpreter (i.e. a syntax->semantics converter) which is able to convert addresses in the same way that the browser does.

- --
Riad Wahby
rsw () mit edu
MIT VI-2/A 2002 5105

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6unADyORnZ6qsmZQRAnBPAJ9tcC0tTw4rvUAprmGh+Vix59DKygCfae5A
crqqbLihpYY2vXSI8E2HE2w=
=muK9
-----END PGP SIGNATURE-----
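The canonicalisation this reply argues for, as an added example that is not part of the original post: the filter parses the host into a 32-bit value and matches its blocklist on that value instead of on the spelling. It assumes the browser follows the classic inet_aton() conventions (hex, octal and decimal components, one to four parts); the function names and the blocklist entry are hypothetical.

```python
from urllib.parse import urlsplit


def parse_part(text):
    """One dotted component: 0x.. is hex, a leading 0 is octal, else decimal."""
    if text[:2].lower() == "0x":
        digits, base = text[2:], 16
    elif len(text) > 1 and text[0] == "0":
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits.lower()):
        raise ValueError(f"not a number: {text!r}")
    return int(digits, base)


def canonical_ipv4(host):
    """Return the 32-bit address for a numeric host, or None if it is a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [parse_part(p) for p in parts]
    except ValueError:
        return None
    *head, last = values
    # Leading parts are one byte each; the last part fills the remaining bytes,
    # so "192.168.257" and "3232235777" are also valid spellings.
    remaining_bits = 8 * (4 - len(head))
    if any(v > 0xFF for v in head) or last >= 1 << remaining_bits:
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    return (addr << remaining_bits) | last


# Constructed blocklist: stored as semantic values, not as strings.
BLOCKED = {canonical_ipv4("192.168.1.1")}


def is_blocked(url):
    """True when the URL's host is a numeric address on the blocklist."""
    host = urlsplit(url).hostname or ""
    addr = canonical_ipv4(host)
    return addr is not None and addr in BLOCKED
```

Hosts that are names return None here and still need the filter's name-based rules.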