[Full-Disclosure] Sidewinder G2 Thanks and a question or two
mfratto at nwc.com
Wed Nov 19 18:37:08 GMT 2003
> >Basically, version 4.1 failed to do actually do HTTP syntax checking
> >the HTTP proxy a generic proxy in function. So all the HTTP protocol
> >violation style attacks weren't blocked at all. Proved it using tools
> >packetstorm. Told SCC about it and proved it to them as
> well. Then they
> >verified the problem and issued a patch some months later.
> This was VERY disturbing. Kind of makes Secure's claim look
> pretty stupid. Tried it on any other boxes? Apparetntly
> secure computing expected the web proxy to be in full use.
> Fortunately, we are a small enough operation to do exactly that.
I have tested this on subsequent versions and the problem has not resurface.
It was a bug that was corrected. I have also tested the HTTP, FTP, SMTP,
DNS, SQL*Net proxies for protocol violations, overlly long headers
(configurable in the proxy settings to some extent), proprely handling
dynamic protocls like ftp and SQL*Net and everything worked as advertised.
There are, of course, limitations in the proxies and won't stop all attacks,
but I am pretty confident that it will block attacks passing through the
firewall that violate the protocol.
>They seem very confident about
> the integrity of their jails and told me I had nothing to
> worry about even if a hacker broke into a root shell in one
> of them. I am not convinced that this would be, to quote the
> late great Douglas Addams, "mostly harmless".
If you want to get a look at type-enforcement, grab a copy of SE linux
http://www.nsa.gov/selinux/. Secure computing secos is the foundation of it.
Full-Disclosure is hosted and sponsored by Secunia.