Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall]
From: Peter Bieringer <pb () bieringer de>
Date: Fri, 22 Feb 2002 19:23:07 +0100

Hi,

sure this reply is also not posted on bugtraq :-(

but perhaps interesting for someone...

--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt,
timo" <Timo.Proescholdt () brk-muenchen de> wrote:


It's not just Checkpoint Firewall that has a problem with HTTP
CONNECT.>
From what I can tell default installations of the CacheFlow web
proxy software, some Squid installations, some Apache
installations with proxying enabled, and some other web proxy
installations I haven't identified allow anyone to use the HTTP
CONNECT method.  This is being

Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
configuration
switch to change this behaviour. 

I have confirmed today also 
Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182

and found two interesting points, too:

1) if used also for SMTP, a firewall cannot block CONNECT to port 25
anymore. Solution: split installation to different machines (TM
license allows this).

2) Looks like content transported over CONNECT isn't scanned anymore,
theremore malicous code can be transported.

See also
http://www.aerasec.de/security/index.html?lang=en&id=ae-200202-051

They published some hints how to test and had setup web servers on
port 444 and 44444 containing the eicar.com file for checks.

        Peter Bieringer

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault