Firewall Wizards mailing list archives
Re: SANS Top Ten and Commercial Firewalls
From: ark () eltex ru
Date: Fri, 4 Oct 2002 18:21:32 +0400
There are some "reasonable" length limitations, like limiting maximal http header size. As far as i remember, though, most cases of exploits that were unable to sneak through were some m$-specific url encoding abuses that are just unsupported by proxy. On Fri, Oct 04, 2002 at 10:26:38AM -0400, Paul D. Robertson wrote:
On Fri, 4 Oct 2002 ark () eltex ru wrote:Sometimes. It is often prevented _before_ vulnerability is known if the exploit breaks http protocol, otherwise you can block it with regexp.Every time I've looked at the protocol spec, it's been a sieve- there aren't length definitions in most of the specification. Could you provide some examples of things which break the protocol please? Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation
-- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SANS Top Ten and Commercial Firewalls, (continued)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls m p (Oct 03)
- Re: SANS Top Ten and Commercial Firewalls Ryan M. Ferris (Oct 03)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls ark (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Kevin Steves (Oct 03)
- Re: SANS Top Ten and Commercial Firewalls Gary Flynn (Oct 03)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Gary Flynn (Oct 04)