Bugtraq mailing list archives
RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall]
From: Peter Bieringer <pb () bieringer de>
Date: Fri, 22 Feb 2002 19:23:07 +0100
Hi,

sure this reply is also not posted on bugtraq :-( but perhaps interesting for someone...

--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt, timo" <Timo.Proescholdt () brk-muenchen de> wrote:
> It's not just Checkpoint Firewall that has a problem with HTTP CONNECT. From what I can tell default installations of the CacheFlow web proxy software, some Squid installations, some Apache installations with proxying enabled, and some other web proxy installations I haven't identified allow anyone to use the HTTP CONNECT method. This is being

> Finjan-SurfinGate/4.0 ( NT ) is "vulnerable", Trend Micro Interscan Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a configuration switch to change this behaviour.
I have confirmed today also Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182 and found two interesting points, too:

1) if used also for SMTP, a firewall cannot block CONNECT to port 25 anymore. Solution: split installation to different machines (TM license allows this).

2) Looks like content transported over CONNECT isn't scanned anymore, therefore malicious code can be transported.

See also http://www.aerasec.de/security/index.html?lang=en&id=ae-200202-051

They published some hints how to test and had set up web servers on port 444 and 44444 containing the eicar.com file for checks.

Peter Bieringer
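A detection sketch for the issue discussed in this thread, added here as an example and not part of the original post: it scans Squid-style native access.log lines for CONNECT requests to ports outside an allowlist and marks which ones the proxy actually tunnelled. The allowlist, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumption: this site only permits CONNECT to 443; adjust to local policy.
ALLOWED_CONNECT_PORTS = {443}

# Squid native access.log: time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+"
    r"[A-Z_]+/(?P<status>\d{3})\s+\d+\s+CONNECT\s+(?P<target>\S+)"
)

def split_target(target):
    """Split a CONNECT target 'host:port'; IPv6 literals arrive as '[addr]:port'."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def audit_connect(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Return one finding per CONNECT request to a port outside the allowlist."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        parsed = split_target(m["target"]) if m else None
        if parsed is None:
            continue  # not a CONNECT entry, or no usable host:port
        host, port = parsed
        if port in allowed:
            continue
        # A 2xx status means the proxy opened the tunnel; otherwise it refused.
        findings.append({"client": m["client"], "host": host, "port": port,
                         "tunnelled": m["status"].startswith("2")})
    return findings

# Constructed sample lines, not real traffic; ports 25, 444 and 44444 come from the post.
SAMPLE_LOG = [
    "1014402187.101    250 10.0.0.5 TCP_MISS/200 1532 CONNECT shop.example.com:443 - DIRECT/192.0.2.20 -",
    "1014402190.442   9031 10.0.0.9 TCP_MISS/200 812 CONNECT mail.example.net:25 - DIRECT/192.0.2.25 -",
    "1014402191.007     12 10.0.0.5 TCP_HIT/200 4210 GET http://www.example.com/ - NONE/- text/html",
    "1014402195.310    480 10.0.0.9 TCP_MISS/200 340 CONNECT test.example.org:444 - DIRECT/192.0.2.44 -",
    "1014402196.118      3 10.0.0.7 TCP_DENIED/403 1090 CONNECT test.example.org:44444 - NONE/- text/html",
    "1014402199.650   1200 10.0.0.9 TCP_MISS/200 615 CONNECT [2001:db8::1]:25 - DIRECT/2001:db8::1 -",
]

if __name__ == "__main__":
    for finding in audit_connect(SAMPLE_LOG):
        print(finding)
```

Findings with `tunnelled` set to true are the ones to investigate first, since the proxy relayed that traffic without inspecting it.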
Current thread:
- RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall] Proescholdt, timo (Feb 21)
- RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall] Peter Bieringer (Feb 22)
- RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall] Corey J. Steele (Feb 23)