Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: Andrew Moran <amoran () NOMAD NET AU>
Date: Fri, 23 Mar 2001 14:07:23 +1100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-Type: text/plain; charset=us-ascii
As for an interim fix, it depends on the software and how flexible it is. Some will let you block certain regex's, some won't. If it does support regex's, the actual regex will depend on the different combinations you can use to represent the IP octets. For example, a combination of hex, octal, and regular decimal: 0xc0.168.000000001.1 Coming up with an effective regex to match that might be tough. -chris _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
I'm using Squid 2.3.STABLE3 for URL filtering and this workaround doesn't seem to work. *I think* Squid treats it as a hostname (because it isn't in the xxx.xxx.xxx.xxx format?) and thus cannot resolve it, producing a DNS error. I tried www.sex.com (209.81.7.21), which is blocked, and Squid returns: - ----------------- While trying to retrieve the URL: http://00000000321.0000000121.000000007.00000 00025/ The following error was encountered: Unable to determine IP address from host name for 00000000321.0000000121.000000007.0000000025 The dnsserver returned: Name Error: The domain name does not exist. - ------------------ This is access.log: 985316877.011 4 172.28.5.237 TCP_MISS/503 1269 GET http://00000000321.0000000121.000000007.0000000025/ - DIRECT/00000000321.0000000121.000000007.0000000025 - And yes, the octal string works with nslookup -Andrew. - -- Andrew Moran Internetworking/UNIX Systems Engineer Nomad Telecommunications mailto:amoran () nomad net au Ph: +61 3 9520 7825 Fx: +61 3 9520 7851 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Exmh version 2.1.1 10/15/1999 (debian) iD8DBQE6ur3rD62KcsHh/L0RAk/iAKCOYejhuWisLW32tJam4PAdg7PKiwCgl0nl uhMlO+1dMOYsLpsrgquD0mE= =3dMa -----END PGP SIGNATURE-----
Current thread:
- Re: SurfControl Bypass Vulnerability, (continued)
- Re: SurfControl Bypass Vulnerability Don Weber (Mar 22)
- Re: SurfControl Bypass Vulnerability Witter, Franklin (Mar 22)
- Re: SurfControl Bypass Vulnerability Chris St. Clair (Mar 22)
- Re: SurfControl Bypass Vulnerability Darren Reed (Mar 23)
- Re: SurfControl Bypass Vulnerability Paul Cardon (Mar 23)
- Re: SurfControl Bypass Vulnerability Dan Harkless (Mar 25)
- Re: SurfControl Bypass Vulnerability Ben Ford (Mar 26)
- Re: SurfControl Bypass Vulnerability Valdis Kletnieks (Mar 26)
- Re: SurfControl Bypass Vulnerability c0ncept (Mar 26)
- Re: SurfControl Bypass Vulnerability Ryan Russell (Mar 26)
- Re: SurfControl Bypass Vulnerability Darren Reed (Mar 23)