Bugtraq mailing list archives

Re: SurfControl Bypass Vulnerability


From: "Chris St. Clair" <chris_stclair () HOTMAIL COM>
Date: Thu, 22 Mar 2001 15:18:15 -0000

Another way to bypass other URL filtering software is to convert
the IP octets into hex using 0xnnn representation. I've been working
with other vendors for a fix on this and will be posting a more
detailed followup regarding the software I've been testing as soon
as the various vendors provide fixes.

As for an interim fix, it depends on the software and how flexible
it is. Some will let you block certain regexes, some won't. If it
does support regexes, the actual regex will depend on the different
combinations you can use to represent the IP octets. For example,
a combination of hex, octal, and regular decimal:
0xc0.168.000000001.1

Coming up with an effective regex to match that might be tough.

-chris
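
A filter can sidestep the regex problem described above by normalizing the host to dotted decimal before matching. The Python below is an added example, not part of the original post or any vendor's code; it generalizes to the 1- to 3-part inet_aton-style forms the post does not mention, and the function names and block list are hypothetical.

```python
from urllib.parse import urlsplit

BLOCKED_ADDRESSES = {"192.168.1.1"}  # constructed sample policy, not from the post


def parse_part(text):
    """Parse one dotted component as inet_aton-style parsers do, or return None."""
    t = text.lower()
    if t.startswith("0x"):
        digits, base = t[2:], 16          # 0xc0 -> hex
    elif len(t) > 1 and t.startswith("0"):
        digits, base = t[1:], 8           # 000000001 -> octal
    else:
        digits, base = t, 10              # 168 -> decimal
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        return None                       # not a number in this base: a host name
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted-decimal form of a numeric host, or None if it is a name."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Every part but the last is one byte; the last part fills the remaining bytes.
    if any(v > 0xFF for v in values[:-1]):
        return None
    if values[-1] >= 1 << (8 * (5 - len(values))):
        return None
    addr = values[-1]
    for i, v in enumerate(values[:-1]):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_blocked(url):
    """Match the block list against the normalized address, not the raw URL text."""
    canon = canonical_ipv4(urlsplit(url).hostname or "")
    return canon is not None and canon in BLOCKED_ADDRESSES


if __name__ == "__main__":
    for url in ("http://0xc0.168.000000001.1/", "http://3232235777/", "http://192.168.1.2/"):
        print(url, "->", "blocked" if is_blocked(url) else "allowed")
```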