Penetration Testing mailing list archives
RE: By passing surf control
From: Lewis GySgt Richard C <LewisRC () 29palms usmc mil>
Date: Wed, 25 Feb 2004 14:13:47 -0800
Kuda, There is an exploit by changing the requested sites IP address to octal format. Read more here: http://cert.uni-stuttgart.de/archive/bugtraq/2001/03/msg00305.html There is also an exploit by sending the request in multiple packets. Read more here: http://www.securityfocus.com/bid/2910 There is another exploit by appending a "." to the end of the requested site. Read more here: http://www.securiteam.com/securityreviews/5SP010U0KQ.html Hope this helps, Richard Lewis GSEC, Security+, CCNA, MCP -----Original Message----- From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha () bankunitedfla com] Sent: Wednesday, February 25, 2004 1:04 PM To: 'pen-test () securityfocus com' Subject: By passing surf control Hello Group, Does anyone have any information on how to by pass a web content filter? We use Surf Control to monitor and filter web content. However, I have one of my users who was able to by pass this. We tried using a proxy to by pass just for testing purposes but it did not work. I am still trying to figure out what other method he used to do so. If anyone has any information , it will be greatly appreciated. Thanks Kuda **************************************************************************** ********************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. **************************************************************************** ********************** --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- By passing surf control Kudakwashe Chafa-Govha (Feb 25)
- Re: By passing surf control Dave Powell (Feb 26)
- <Possible follow-ups>
- RE: By passing surf control Lewis GySgt Richard C (Feb 25)
- RE: By passing surf control RMcElroy (Feb 25)
- RE: By passing surf control McNutt, Jacob (Feb 25)
- Re: By passing surf control Charles Hamby (Feb 26)
- Re: By passing surf control c3rb3r (Feb 27)
- Re: By passing surf control Charles Hamby (Feb 26)
- Re: By passing surf control dotnetter (Feb 26)
- Re: By passing surf control nee cee (Feb 26)
- RE: By passing surf control McNutt, Jacob (Feb 27)
- Re: By passing surf control thomas adams (Feb 27)
- Re: By passing surf control Omar Herrera (Feb 28)