Dailydave mailing list archives
Re: Evasion
From: J B <kybrdcowboy () gmail com>
Date: Fri, 27 May 2005 13:54:21 -0700
I don't know if this is a vulnerability, or a bug for that matter. I think it could be a feature. Theoretically, couldn't this be used to monitor different settings etc, without getting noticed too much? J On 5/25/05, Kyle Quest <Kyle.Quest () networkengines com> wrote:
Here's one of the things I discovered experimenting with ISA 2004 Server. It's an evasion technique that can be used to bypass its header filters and header signatures. It can be achieved by folding HTTP headers, so if somebody, for example, has a signature to block HTTP traffic that contains header X with value Y it would be bypassed if an attacker folds the value Y onto the next line. I believe that it may also apply to SOME Snort signatures too due to the way the HTTP signature are usually created (some of the signatures rely on the end of line marker). I thought Dave might enjoy this bit of information He's a big fan of evading stuff :-) Just curious... would you call this evasion technique a vulnerability in the ISA product? Kyle _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Evasion Kyle Quest (May 25)
- Re: Evasion J B (May 27)