Firewall Wizards mailing list archives

Re: SANS Top Ten and Commercial Firewalls


From: ark () eltex ru
Date: Fri, 4 Oct 2002 18:21:32 +0400

There are some "reasonable" length limitations, like limiting the maximum
HTTP header size.

As far as I remember, though, most cases of exploits that were
unable to sneak through were some m$-specific URL encoding abuses that are
just unsupported by the proxy.

On Fri, Oct 04, 2002 at 10:26:38AM -0400, Paul D. Robertson wrote:
On Fri, 4 Oct 2002 ark () eltex ru wrote:

Sometimes. It is often prevented _before_ the vulnerability is known if
the exploit breaks the HTTP protocol; otherwise you can block it with a regexp.

Every time I've looked at the protocol spec, it's been a sieve- there 
aren't length definitions in most of the specification.  Could you provide 
some examples of things which break the protocol please?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

-- 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
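
The checks discussed in this message (a cap on header size, rejection of requests that break HTTP syntax or use non-standard URL escapes, and a regexp fallback) can be sketched as follows. This is an added example, not code from the thread or from any proxy product; the limits, the allowed methods, the function name and the blocklist pattern are all assumptions.

```python
import re

# Assumed limits and patterns for illustration; the thread gives no values.
MAX_HEAD_BYTES = 8192      # request line plus all headers
MAX_HEADERS = 64
REQUEST_LINE = re.compile(rb"(GET|HEAD|POST) ([\x21-\x7e]+) HTTP/1\.[01]")
HEADER_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[\x20-\x7e\t]*")
# A '%' not followed by two hex digits: covers %uXXXX and truncated escapes.
BAD_ESCAPE = re.compile(rb"%(?![0-9A-Fa-f]{2})")
# Site-maintained regexps for requests that are valid HTTP but unwanted.
BLOCKLIST = [re.compile(rb"^/cgi-bin/example-vulnerable\.cgi")]  # constructed


def check_request(raw: bytes):
    """Return (allowed, reason) for a raw request head ending in CRLF CRLF."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if len(head) > MAX_HEAD_BYTES:
        return False, "header block too large"
    if not sep:
        return False, "header block not terminated"
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if m is None:
        return False, "malformed request line"
    target = m.group(2)
    if BAD_ESCAPE.search(target):
        return False, "non-standard percent escape"
    if len(lines) - 1 > MAX_HEADERS:
        return False, "too many headers"
    for line in lines[1:]:
        # fullmatch also rejects bare LF or control bytes inside a header
        if HEADER_LINE.fullmatch(line) is None:
            return False, "malformed header line"
    for pattern in BLOCKLIST:
        if pattern.search(target):
            return False, "blocked by regexp"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for req in (b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
                b"GET /a%u0041.html HTTP/1.0\r\n\r\n",
                b"GET / HTTP/1.0\r\nX-Pad: " + b"A" * 9000 + b"\r\n\r\n"):
        print(check_request(req))
```

The syntax and length checks need no knowledge of any particular vulnerability; only the blocklist has to be updated per issue.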

