Vulnerability Development mailing list archives
WebWasher
From: j nickson <jnickson () TOGETHER NET>
Date: Mon, 9 Oct 2000 23:00:07 -0400
WebWasher is a proxy server for Win/xx systems with 3 million users (not downloads according to their web site - 9 OCT 00). Webwasher filters graphics and defeats "webbugs" and double-click commercials, enhancing privacy and bandwidth efficiency. With the webbug publicity WebWasher's download rate seems to be accelerating. The problem is that it establishes a general http proxy server that anyone connected may use. This may present an opportunity for anonymous browsing for people with nefarious purposes and a possible problem for the evidentiary credibility of Carnivore/Omnivore/NoSuchAnimal records if the target has allowed proxy use by mistake or design. This is neither a WebWasher design nor implementation problem, WebWasher has more than met standards by having a click the box to allow/disallow server use and it apparently defaults to disallow. However with an increasing number of home networks many will "allow server" to let family members share a high speed line. Again this is not a problem if a firewall has been correctly configured. But home network firewalls are least likely to be configured correctly. Ergo: There is likely to be a significant number of SOHO networks with wide open proxy servers. There is likely to be an increase in probes on 8080 and an increase in anonymous browsing. Does this work? Of course it does, it is straightforward TCP/IP proxy use. Besides I stripped my firewall off one system, call it system A, set WebWasher to serve and attached to the net. Then I dialed another system, B, into a different ISP and directed Netscape to use A's temporary IPAddr.:8080 for a proxy and then went to Yahoo. When I was getting Yahoo on B there was activity on system A's modem and when I was not there was no activity. I did not snif-log to force the proof, but all the signs are that the proxy mechanism worked just as it always does and dual ISP connections for anonymous surfing are quite feasible if not easy. It remains an exercise for the reader to use EQL (or is it EQU?) to attach to several proxies simultaneously so as to avoid detection by multiplexed trickle bandwidth stealing. It would be very interesting to have samples from a DSL provider testing the percentage of users who were making a proxy server available to general use. Perhaps a cable company or MCI could enlighten us on the degree of the problem by sampling their employees' home systems. If I have not gotten the wrong end of the stick somehow, I suggest that all security experts be sure that they recommend to clients that WebWasher always be combined with a firewall, and that the firewall setup be checked periodically. Beyond that, it might be wise for corporate environments to use a program as Mr. Steve Gibson has prepared to check vulnerabilities on employees' home systems. Mr. Gibson might be coerced into providing a product with sufficient motivation. www.grc.com Beyond that perhaps it is time for ISPs to consider preventative port scans, if the user has consented. I think that this suggestion may stimulate some lively discussion; I hope so. But it might be time. J ------------------------------------------------- James Nickson, CDP voice: 603-256-8055 10 Merrifield, W. Chesterfield, NH, 03466-3131
Current thread:
- WebWasher j nickson (Oct 09)
- <Possible follow-ups>
- Re: WebWasher Hostie Stephan (Oct 10)
- Re: WebWasher Joe (Oct 10)
- Re: WebWasher Soeren Mueller (Oct 11)