Re: WCCP security issue

[killy <killfactory () gmail com>]

Which version of WCCP?

Version 1, depending on the configuration, you can simply use http(s)
instead of http and never be directed to the proxy.

On 5/22/07, mickael kael <mickael.kael () gmail com> wrote:
> Hello all,
>
> Does anyone is aware about WCCP design vulnerability ?. I am wondering
> if it is possible to send bad WCCP response to a router  for bypassing
> proxy check ?
>
> From cisco :
> "Web Cache Packet Return
>
> If a cache engine is unable to provide a requested object it has
> cached due to error or overload, the cache engine will return the
> request to the router for onward transmission to the originally
> specified destination server. WCCPv2 provides a check on packets that
> determines which requests have been returned from the cache engine
> unserviced. Using this information, the router can then forward the
> request to the originally targeted server (rather than attempting to
> resend the request to the cache cluster). This provides error handling
> transparency to clients."
>
> Thanks in advance for your information,
>
> Best regards,
>
> Mk,


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke