Home page logo

bugtraq logo Bugtraq mailing list archives

RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall]
From: Peter Bieringer <pb () bieringer de>
Date: Fri, 22 Feb 2002 19:23:07 +0100


sure this reply is also not posted on bugtraq :-(

but perhaps interesting for someone...

--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt,
timo" <Timo.Proescholdt () brk-muenchen de> wrote:

It's not just Checkpoint Firewall that has a problem with HTTP
From what I can tell default installations of the CacheFlow web
proxy software, some Squid installations, some Apache
installations with proxying enabled, and some other web proxy
installations I haven't identified allow anyone to use the HTTP
CONNECT method.  This is being

Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
switch to change this behaviour. 

I have confirmed today also 
Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182

and found two interesting points, too:

1) if used also for SMTP, a firewall cannot block CONNECT to port 25
anymore. Solution: split installation to different machines (TM
license allows this).

2) Looks like content transported over CONNECT isn't scanned anymore,
theremore malicous code can be transported.

See also

They published some hints how to test and had setup web servers on
port 444 and 44444 containing the eicar.com file for checks.

        Peter Bieringer

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]