Bugtraq mailing list archives

Re: By-passing MS Proxy 2.0 and others packet filtering


From: mbehr () NH SECUREPIPE COM (Marc D. Behr)
Date: Fri, 9 Oct 1998 08:31:42 -0400


In message <E0zRAWY-0003iT-00 () sand2 global net uk>, Mnemonix writes:
> Okay - to make everything more clear
>
> Firstly it seems that most web-based proxies, not just MS Proxy, are
> susceptible to this kind of attack. Thanks to Greg Jones and others for
> doing some testing on this.

It is true that most improperly configured web proxy servers can be exploited
to allow you to access any service on a remote system. The key statement here
is "improperly configured".

At a previous job at a network equipment manufacturer, I was responsible for
the administration of the web servers and proxies. I installed rules on the
proxy server that indicated what ports I would allow people to connect to on
remote systems. The proxy was configured to allow connections only to ports
70,80-89,8000-8090 on the remote servers (I think that was all, but my memory
may have missed a few).

If a user attempted to access a server that was running on a different port,
they would get a message indicating that access was being denied to this
server/port and that if they needed access, they should contact "The Web
Police". We could then determine if a special case rule was necessary to allow
access.

This is a reminder that if your firewall policy is to deny anything that is
not specifically allowed, you need to remember to implement this exact same
policy on your proxy server if you wish to maintain security.

I would also recommend that you do NOT run a proxy server on port 80. Pick
some other port in the 81-89 range and ensure that your proxy is configured to
allow connections from inside addresses only (even if you have installed
packet filtering rules to do the same). I always like to assume that
everything else is broken and repeat the rules where I can.

Marc

- --
Marc D. Behr                                    mbehr () nh securepipe com
SecurePipe Communications, LLC
PGP Key ID: 0x0D8A666F
Fingerprint16: 0B E0 30 14 E0 CF 3C 4C  D6 37 87 E2 D6 E5 88 E0




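
Added example, not part of the original post: a sketch of the default-deny check the message describes, using the destination port list given there (70, 80-89, 8000-8090). The inside network 10.0.0.0/8, the function names and the sample requests in the comments are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Destination ports from the post: 70, 80-89, 8000-8090.
ALLOWED_PORTS = {70, *range(80, 90), *range(8000, 8091)}
# Assumption: constructed inside address range; substitute your own.
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Port implied when the request URL names none.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}


def target_port(method, target):
    """Return the destination port named by a proxy request line, or None."""
    try:
        if method.upper() == "CONNECT":
            # CONNECT carries authority-form (host:port); a port is required.
            return urlsplit("//" + target).port
        parts = urlsplit(target)
        if parts.port is not None:
            return parts.port
        return DEFAULT_PORTS.get(parts.scheme.lower())
    except ValueError:
        return None  # non-numeric or out-of-range port


def decide(client_ip, method, target):
    """Default deny: allow only inside clients going to listed ports."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "bad client address"
    # Repeat the packet filter's rule in the proxy itself.
    if not any(addr in net for net in INSIDE_NETS):
        return False, "client is not an inside address"
    port = target_port(method, target)
    if port is None or port not in ALLOWED_PORTS:
        return False, f"destination port {port} not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    print(decide("10.1.2.3", "GET", "http://www.example.com:8080/"))
    print(decide("10.1.2.3", "CONNECT", "mail.example.com:25"))
    print(decide("192.0.2.7", "GET", "http://www.example.com/"))
```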


