Full Disclosure mailing list archives
RE: Sidewinder G2 Thanks and a question or two
From: "Mike Fratto" <mfratto () nwc com>
Date: Wed, 19 Nov 2003 13:37:08 -0500
Basically, version 4.1 failed to actually do HTTP syntax checking, making the HTTP proxy a generic proxy in function. So all the HTTP protocol violation style attacks weren't blocked at all. Proved it using tools off packetstorm. Told SCC about it and proved it to them as well. Then they verified the problem and issued a patch some months later. This was VERY disturbing. Kind of makes Secure's claim look pretty stupid. Tried it on any other boxes? Apparently Secure Computing expected the web proxy to be in full use. Fortunately, we are a small enough operation to do exactly that.
I have tested this on subsequent versions and the problem has not resurfaced. It was a bug that was corrected. I have also tested the HTTP, FTP, SMTP, DNS, SQL*Net proxies for protocol violations, overly long headers (configurable in the proxy settings to some extent), properly handling dynamic protocols like FTP and SQL*Net, and everything worked as advertised. There are, of course, limitations in the proxies, and they won't stop all attacks, but I am pretty confident that it will block attacks passing through the firewall that violate the protocol.
They seem very confident about the integrity of their jails and told me I had nothing to worry about even if a hacker broke into a root shell in one of them. I am not convinced that this would be, to quote the late great Douglas Adams, "mostly harmless".
If you want to get a look at type-enforcement, grab a copy of SE Linux http://www.nsa.gov/selinux/. Secure Computing secos is the foundation of it.
_______________________________________________
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
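The distinction the thread draws is between a "generic proxy" that relays bytes and an application-layer proxy that parses the protocol and drops requests that violate it. As an added example (not code from either poster, from Secure Computing, or from the Sidewinder product), the following Python checker shows the kind of HTTP syntax and header-length validation such a proxy performs. The limits, allowed methods and sample requests are constructed for this example and are not Sidewinder's settings.

```python
import re
from typing import List

# Limits assumed for this example (constructed; a real proxy makes these configurable).
MAX_HEADER_LINE = 1024      # bytes per header line
MAX_HEADERS = 64            # header lines per request
MAX_URI_LEN = 2048          # bytes in the request target
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

# RFC 2616 "token" characters: no control characters and no separators.
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Request line: METHOD SP request-target SP HTTP/major.minor
REQUEST_LINE_RE = re.compile(r"([A-Z]+) (\S+) HTTP/(\d)\.(\d)")


def check_http_request(raw: bytes) -> List[str]:
    """Return the list of protocol violations found in one raw HTTP request head.

    An empty list means the request head is syntactically acceptable. A generic
    TCP proxy would forward every one of these inputs unchanged; an
    application-layer proxy is expected to reject anything that returns a
    non-empty list.
    """
    violations: List[str] = []
    head, terminator, _body = raw.partition(b"\r\n\r\n")
    if not terminator:
        violations.append("no CRLFCRLF terminator")
    # Any LF that is not part of a CRLF pair is a line-ending violation.
    if b"\n" in head.replace(b"\r\n", b""):
        violations.append("bare LF in request head")
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        return violations + ["non-ASCII bytes in request head"]

    lines = text.split("\r\n")
    match = REQUEST_LINE_RE.fullmatch(lines[0])
    if match is None:
        violations.append("malformed request line")
    else:
        method, target, major, minor = match.groups()
        if method not in ALLOWED_METHODS:
            violations.append(f"method not allowed: {method}")
        if (major, minor) not in (("1", "0"), ("1", "1")):
            violations.append(f"unsupported HTTP version {major}.{minor}")
        if len(target) > MAX_URI_LEN:
            violations.append(f"request target too long ({len(target)} bytes)")

    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        violations.append(f"too many headers ({len(headers)})")
    for line in headers:
        if len(line) > MAX_HEADER_LINE:
            violations.append(f"header line too long ({len(line)} bytes)")
        name, colon, _value = line.partition(":")
        if not colon or TOKEN_RE.fullmatch(name) is None:
            violations.append(f"malformed header: {line[:40]!r}")
    return violations


def should_forward(raw: bytes) -> bool:
    """Proxy decision: forward only requests with no protocol violations."""
    return check_http_request(raw) == []


# Constructed sample requests for demonstration.
GOOD_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: check\r\n\r\n"
LONG_HEADER_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Pad: " + b"A" * 2000 + b"\r\n\r\n"
HTTP09_REQUEST = b"GET /\r\nHost: example.test\r\n\r\n"
BAD_HEADER_REQUEST = b"GET / HTTP/1.1\r\nHost example.test\r\n\r\n"
BARE_LF_REQUEST = b"GET / HTTP/1.1\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("good", GOOD_REQUEST), ("long header", LONG_HEADER_REQUEST),
                       ("http/0.9", HTTP09_REQUEST), ("bad header", BAD_HEADER_REQUEST),
                       ("bare LF", BARE_LF_REQUEST)]:
        print(f"{label:12} forward={should_forward(req)} {check_http_request(req)}")
```

The checker only validates the request head; a production proxy would go on to enforce the same discipline on the body (Content-Length versus chunked encoding) and on the response, which is where the "limitations in the proxies" mentioned above tend to live.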
Current thread:
- Sidewinder G2 Thanks and a question or two Daniel Sichel (Nov 19)
- RE: Sidewinder G2 Thanks and a question or two Mike Fratto (Nov 19)