Full Disclosure mailing list archives
Re: Zone Alarm
From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Fri, 13 Jun 2003 14:01:27 -0400 (EDT)
On Fri, 13 Jun 2003, Stephane Nasdrovisky wrote:
Squid (and probably others) can filter accesses based on the user agent. Some network firewall (as opposed to personal ones) can be configured to filter accesses based on the user agent header. As you know, every peace of software trying to access internet through a proxy advertise its flavour using the user agent header, and the user agent header is very hard to spoof :-)
I am guessing what you mean by software is web browser? I can recompile mozilla/konqueror/lynx to say whatever I want as a user-agent. I think opera lets you masquerade as which ever browser you want IE/netscape etc... You can connect to an http server will telnet and do a: GET / HTTP/1.0 User-Agent: Bubba-joe-Browser1.1a see RFC 1945/2068 on the http protocol. Why even bother putting in a User-Agent? You dont have to. If the server is trusting the client for information, well you make the client give whatever information you want if you have sufficent access to it. -- La _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Zone Alarm, (continued)
- Re: Zone Alarm Shawn McMahon (Jun 05)
- RE: Zone Alarm JT (Jun 05)
- Re: Zone Alarm Shawn McMahon (Jun 05)
- RE: Zone Alarm Robert J. Liebsch (Jun 04)
- Re: Re: Zone Alarm Eric N. Valor (Jun 04)
- Re: Zone Alarm Michael Reilly (Jun 04)
- RE: Re: Zone Alarm Schmehl, Paul L (Jun 04)
- RE: Zone Alarm Ben Tyson-Norrman (Jun 05)
- AW: Zone Alarm Michael Linke (Jun 05)
- RE: Zone Alarm Myers, Marvin (Jun 05)
- Re: Zone Alarm Stephane Nasdrovisky (Jun 13)
- Re: Zone Alarm Larry W. Cashdollar (Jun 13)
- Re: Zone Alarm Larry W. Cashdollar (Jun 13)
- Re: Zone Alarm Larry W. Cashdollar (Jun 13)