Bugtraq mailing list archives
SurfControl Internet Monitoring/Blocking
From: <ndesai01 () tampabay rr com>
Date: 18 Jun 2001 23:49:34 -0000
I have been working with the people of SurfControl for a couple of weeks now and all they say is that they will submit it as a bug in the software and try to get a fix out in the next couple of months. So here goesÂ…. You can bypass the software by using a proxy sever before your traffic is looked at by SurfControl Super Scout. After talking with the people at SurfControl it has become apparent that you may bypass all of their software that is meant for Internet monitoring. I have not been able to test it though. They only look at packets that have the HTTP GET request and "Host:" information in it. If you split up the request so that HTTP GET request is not in the same packet as the "Host:" information then you will bypass the software. You can easily do this by using a proxy server before you get to the node that is doing the Internet monitoring. If you have Compaq PC's or servers that are not patched you can proxy off the Insite Manager software (http://www.compaq.com/support/files/server/us/dow nload/9609.html). If you have PERL installed you can use RFProxy, HTTPush or Pudding. These programs were intended for the testing of IDS evasion techniques but work wonders for Internet monitoring/blocking evasion. Neil
Current thread:
- SurfControl Internet Monitoring/Blocking ndesai01 (Jun 22)
- Re: SurfControl Internet Monitoring/Blocking Mike Ciavarella (Jun 25)