Re: SurfControl Bypass Vulnerability

[Don Weber <Don () AIRLINK COM>]

is this with a particular version, I tried it and as usual it lets me
'bypass' the first time but not any subsequent attempts, and if I use the
octal format on one computer, a second or any subsequent computers will
NOT get to the site.


-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Witter, Franklin
Sent: Tuesday, March 20, 2001 10:07 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: SurfControl Bypass Vulnerability


It appears that there is yet another way to bypass the site blocking
feature
of SurfControl for MS Proxy.

Our configuration:

We have set up our rules to deny access to anyone attempting to reach
sites
classified as Adult/Sexually Explicit, Hacking, etc.
That would mean that anyone trying to reach www.blockedsite.com would
normally be denied access to the site.

The workaround:

1.  First, do an nslookup on www.blockedsite.com to get the IP address of
the site -- xxx.xxx.xxx.xxx
2.  Next, convert each octet to an octal number using the windows
calculator
-- yyy.yyy.yyy.yyy
3.  Insert eight (8) leading zeros in the first and third octets and seven
(7) leading zeros in the second and fourth octets --
00000000yyy.0000000yyy.00000000yyy.0000000yyy
4.  Type the modified octets into your browser's address bar and, viola!,
your are successfully bypassing the SurfControl filter.

I have contacted SurfControl about this but have had no response.

If anyone has any suggestions for correcting this vulnerability, please
let
me know.

Franklin Witter
Network Security Specialist II
252-246-3546
fax:  252-246-3463
e-mail:  FWitter () BBandT com

Attachment: smime.p7s
Description: