Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SurfControl Bypass Vulnerability

From: "Riad S. Wahby" <rsw () MIT EDU>
Date: Thu, 22 Mar 2001 16:34:59 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Chris St. Clair" <chris_stclair () HOTMAIL COM> wrote:

0xc0.168.000000001.1

Coming up with an effective regex to match that might be tough.


Preposterous.  That the above is interpreted correctly by the browser
is proof that it can be interpreted by filtering software.

The problem here is that you are trying to filter the syntactic
representation instead of the semantic one, while the browser is able
to interpret the latter.  Clearly, if the browser has some way of
converting from 0xc0.160.0000000001.1 into 0xC0A00101, the filtering
software can do the same.

The filtering software, then, must have an internal representation of
sites to block by address that corresponds to the output of an
interpreter (i.e. a syntax->semantics converter) which is able to
convert addresses in the same way that the browser does.

- --
Riad Wahby
rsw () mit edu
MIT VI-2/A 2002

5105
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6unADyORnZ6qsmZQRAnBPAJ9tcC0tTw4rvUAprmGh+Vix59DKygCfae5A
crqqbLihpYY2vXSI8E2HE2w=
=muK9
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: