RE: By passing surf control

["McNutt, Jacob" <JMcNutt () universalaccess net>]

It might work assuming you're not hosting multiple websites off of one IP address (HTTP URL headers would be required 
them).  I also would think the firewall doing the URL redirect to the monitoring server would be sending the octet 
version of the IP address, so it would just get changed back to a monitored IP anyway. 

-----Original Message-----
From: Charles Hamby [mailto:fixer () gci net] 
Sent: Wednesday, February 25, 2004 7:15 PM
To: McNutt, Jacob
Cc: Kudakwashe Chafa-Govha; pen-test () securityfocus com
Subject: Re: By passing surf control

Have you tried checking to see if IP address obfuscation works?

In case anyone's not familair with this...

Using http://www.amazon.com as an example.  If I wanted to go there but it was blocked, I would find out what the IP 
address of www.amazon.com is (say using ping).

In this case it happens to be 207.171.181.16.  I would then convert each octet into hex individually.  (207 is CF, 171 
is AB, 181 is B5 and 16 is 10) Then I would put CFABB510 into my calculator (Windows calculator works just fine for 
this, by the way) and conver it to decimal again.  I would come up with 3484136720 I would open up my web browser and 
put in http://3484136720 and up comes Amazon.com.

Charles Hamby

McNutt, Jacob wrote:

> SSH tunneling/port forwarding to a proxy might work if they have access to it.  Also, we have a problem with AOL 
> client browsers that can bypass Websense all together.
>
> -----Original Message-----
> From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha () bankunitedfla com]
> Sent: Wednesday, February 25, 2004 3:04 PM
> To: pen-test () securityfocus com
> Subject: By passing surf control
>
> Hello Group,
>
>
> Does anyone have any information on how to by pass a web content filter? We use Surf Control to monitor and filter web 
> content. However, I have one of my users who was able to by pass this. We tried using a proxy to by pass just for 
> testing purposes but it did not work. I am still trying to figure out what other method he used to do so. If anyone 
> has any information , it will be greatly appreciated.
>
> Thanks
>
> Kuda
>
> ***********************************************************************
> *************************** The contents of this email and any 
> attachments are confidential.
> It is intended for the named recipient(s) only.
> If you have received this email in error please notify the system manager or the sender immediately. Unless you are 
> the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use 
> or retain this message or any part of it. 
> ***********************************************************************
> ***************************
>
>
> -----------------------------------------------------------------------
> ----
> -----------------------------------------------------------------------
> -----
>
>
>
>
> -----------------------------------------------------------------------
> ----
> -----------------------------------------------------------------------
> -----
>
>
>  





---------------------------------------------------------------------------
----------------------------------------------------------------------------