Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Mar 2001 14:00:18 -0500
On Mon, 26 Mar 2001 06:01:48 PST, Ben Ford <bford () ERISKSECURITY COM> said:
> The idea of IP based penetration is also flawed, in that you'd get the default domain of the box anyways. Unless that default domain has an index page to give you a choice of virtual hosts (and many/most don't), you wouldn't be able to access the desired http://www.juicysex.com anyways.
Unless of course you find a way to get the Host: header set the way you want, and the blocking software is only looking at the GET/POST/whatever query. Note that this may depend on the exact particulars of how the filter is implemented, and may not be possible on a "standard" browser/filter combination. But it's *not* safe to assume that "they can't get there because there's no index page". That's just security-through-obscurity.

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
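The filtering gap described in the message above, as an added example that is not part of the original post and not SurfControl's logic: a check that reads only the request line beside one that also evaluates the Host: header and requires the two to agree. The blocklist entry, function names and sample requests are constructed for illustration.

```python
# Added example: constructed requests and a hypothetical policy, not a real product's logic.
from urllib.parse import urlsplit

BLOCKLIST = {"blocked.example"}  # hypothetical blocked domain


def parse_request(raw: bytes):
    """Return (request-target, [Host header values]) for a well-formed HTTP/1.x request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    fields = (ln.partition(":") for ln in lines[1:])
    return target, [v for k, _, v in fields if k.strip().lower() == "host"]


def canon(value: str) -> str:
    """Canonical host of a URL or authority: lower-case, no port, no trailing dot; '' if none."""
    value = value.strip()
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").rstrip(".")
    except ValueError:
        return ""


def is_blocked(host: str) -> bool:
    """Match the blocked domain itself and any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)


def naive_verdict(raw: bytes) -> str:
    """Weak form: policy sees only the request line."""
    target, _ = parse_request(raw)
    return "block" if is_blocked(canon(target)) else "allow"


def hardened_verdict(raw: bytes) -> str:
    """Policy sees the request-target host and the Host header, and they must agree."""
    target, hosts = parse_request(raw)
    if len(hosts) != 1 or not canon(hosts[0]):
        return "block"  # missing, duplicate or malformed Host is ambiguous
    header_host, target_host = canon(hosts[0]), canon(target)
    if is_blocked(header_host) or is_blocked(target_host):
        return "block"
    return "mismatch" if target_host and target_host != header_host else "allow"


# Constructed samples (192.0.2.10 is a documentation address).
SPLIT = b"GET http://192.0.2.10/ HTTP/1.1\r\nHost: www.blocked.example\r\n\r\n"
PLAIN = b"GET http://allowed.example/ HTTP/1.1\r\nHost: allowed.example:80\r\n\r\n"
DIFFER = b"GET http://allowed.example/ HTTP/1.1\r\nHost: other.example\r\n\r\n"
```

The "mismatch" verdict is the detection signal: a request whose target host and Host: header disagree is worth logging even when neither name is on the blocklist.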