mailing list archives
RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall]
From: Peter Bieringer <pb () bieringer de>
Date: Fri, 22 Feb 2002 19:23:07 +0100
sure this reply is also not posted on bugtraq :-(
but perhaps interesting for someone...
--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt,
timo" <Timo.Proescholdt () brk-muenchen de> wrote:
It's not just Checkpoint Firewall that has a problem with HTTP
From what I can tell default installations of the CacheFlow web
proxy software, some Squid installations, some Apache
installations with proxying enabled, and some other web proxy
installations I haven't identified allow anyone to use the HTTP
CONNECT method. This is being
Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
switch to change this behaviour.
I have confirmed today also
Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182
and found two interesting points, too:
1) if used also for SMTP, a firewall cannot block CONNECT to port 25
anymore. Solution: split installation to different machines (TM
license allows this).
2) Looks like content transported over CONNECT isn't scanned anymore,
theremore malicous code can be transported.
They published some hints how to test and had setup web servers on
port 444 and 44444 containing the eicar.com file for checks.