Bugtraq mailing list archives
RE: Bypassing website filter in SonicWall
From: "Brian J. Gaia" <bjgaia () PerfectAngel org>
Date: Wed, 30 Oct 2002 22:47:56 -0500
That weakness would exist in any product that filters by domain name, because many of them will not perform a reverse DNS lookup. This would be the behavior of most home products (such as Cyberpatrol) which allow an administrator to specify forbidden domains, but if I wanted to see the site bad enough I would just ping/tracert/etc. to get the IP address. In most cases the filter will not capture the IP address because all the admin knew to enter was the domain name.

SonicWall could (and should) resolve this by adding Reverse DNS lookup to the Forbidden Domains list. That would possibly slow down Internet traffic on the LAN side, but the admin could disable it if they wish. Also, if the reverse DNS fails, it could give the admin the option to block the site or allow it anyway.

Brian J. Gaia
Print Shop & Information Systems Assistant Webmaster, Pure and Undefiled Religion (PURE) Church of the Open Door

-----Original Message-----
From: Marc Ruef [mailto:marc.ruef () computec ch]
Sent: Tuesday, October 29, 2002 2:36 PM
To: bugtraq () securityfocus com; news () securiteam com
Subject: Bypassing website filter in SonicWall

Hi!

I found a little weakness in SonicWall: I turn on the blocking mechanism for websites (e.g. www.google.com). Now I can't reach the website using the domain name. But if I choose the IP address of the host (e.g. http://216.239.53.101/), I can contact the forbidden website.

The same issue I've discovered for NetGear FM114P in http://online.securityfocus.com/bid/5667

It would make sense if you can do an internal nslookup. Otherwise the user can do a workaround by always adding the IP address(es) of the blocked websites. But this can cause some problems if there is some virtual hosting. A smart attacker can use some dotless IPs to bypass the new workaround IP filter. The box will sadly lose performance because of the additional filter line(s).

My description was sent on 02/10/15 to info () sonicwall com - No response came back.

The blocking URL message style and problem remind me of the website blocking mechanism of NetGear's FM114P. It could be that both use the same mechanism (by a 3rd party?). So, if the bug is fixed for one box the other will also be fixed - I think so.

Bye,
Marc
--
Computer, Technik und Security
http://www.computec.ch
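An added example, not part of either message and not SonicWall's or NetGear's code: a sketch of a filter check that resolves forbidden names to addresses and canonicalises IPv4 literals (dotted, dotless decimal, hex, octal) before matching, so the IP and dotless-IP forms mentioned in the thread hit the same rule. The `RESOLVED` table, `parse_ipv4_any` and `is_blocked` are hypothetical names, and the table is a constructed stand-in for the device's own DNS lookups.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed policy: the name and address are the examples quoted in the thread.
FORBIDDEN_DOMAINS = {"www.google.com"}
# Constructed stand-in for the filter's own lookups of each forbidden name,
# so the example runs offline. A real device would refresh this from DNS.
RESOLVED = {"www.google.com": {"216.239.53.101"}}

# One component of an IPv4 literal as classic inet_aton-style parsers accept it.
_PART = re.compile(r"(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)\Z")


def parse_ipv4_any(host):
    """Return the dotted-quad form of an IPv4 literal written with 1-4 parts
    in decimal, octal or hex; return None if host is not such a literal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    nums = []
    for p in parts:
        if p[:2].lower() == "0x":
            nums.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            nums.append(int(p, 8))
        else:
            nums.append(int(p, 10))
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def is_blocked(url):
    """True if the URL's host is a forbidden name or any spelling of an
    address a forbidden name resolves to. Matching by address also blocks
    every other site hosted on that address (the virtual hosting caveat)."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host in FORBIDDEN_DOMAINS:
        return True
    forbidden_ips = set().union(*(RESOLVED.get(d, set()) for d in FORBIDDEN_DOMAINS))
    return parse_ipv4_any(host) in forbidden_ips
```
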