Message-ID: <004201c3ae01$3a0aea20$051f10ac@bitchin>
From: mfratto at nwc.com (Mike Fratto)
Subject: Sidewinder G2
I love a challenge.
> proven it hasn't been compromised. If someone can prove
> they've broken through one OTHER than through the stupidity
> of someone configuring a rule wrong, I'd sure love to hear
> about it.
This wasn't a root level attack on the Sidewinder host, but an attack
through it via the transparent HTTP application proxy.
Basically, version 4.1 failed to actually do HTTP syntax checking, making
the HTTP proxy a generic proxy in function. So all the HTTP protocol
violation style attacks weren't blocked at all. Proved it using tools off
packetstorm. Told SCC about it and proved it to them as well. Then they
verified the problem and issued a patch some months later.
Make sure those protection features are actually doing what they claim,
folks.
http://www.networkcomputing.com/1106/1106f16.html?ls=NCJS_1106rt
mike
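
What HTTP syntax checking at an application proxy amounts to, as an added example that is not part of the original message and not the vendor's code: a minimal request-head validator in Python, run over constructed samples. The method allow-list, the length limit and the sample requests are assumptions chosen for illustration.

```python
import re

TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"            # RFC 7230 "token"
REQUEST_LINE = re.compile(rb"(" + TOKEN + rb") ([\x21-\x7e]+) HTTP/(\d)\.(\d)")
HEADER = re.compile(rb"(" + TOKEN + rb"):[ \t]*([\x20-\x7e\t]*)")
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}  # assumed policy
SINGLETONS = (b"host", b"content-length")            # must not repeat
MAX_LINE = 8192                                      # assumed length limit

def check_request_head(raw: bytes) -> list:
    """Return the syntax violations in an HTTP/1.x request head ([] = conformant)."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["header block not terminated by CRLF CRLF"]
    lines = head.split(b"\r\n")
    if any(len(line) > MAX_LINE for line in lines):
        return ["line exceeds length limit"]
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return ["malformed request line"]
    problems, seen = [], {}
    method, _target, major, minor = m.groups()
    if method not in METHODS:
        problems.append("method not allowed")
    if (major, minor) not in {(b"1", b"0"), (b"1", b"1")}:
        problems.append("unsupported HTTP version")
    for line in lines[1:]:
        h = HEADER.fullmatch(line)
        if not h:  # also rejects bare LF, NUL bytes and obsolete line folding
            problems.append("malformed header line")
            continue
        name = h.group(1).lower()
        seen[name] = seen.get(name, 0) + 1
    for name in SINGLETONS:
        if seen.get(name, 0) > 1:
            problems.append("duplicate " + name.decode() + " header")
    if (major, minor) == (b"1", b"1") and b"host" not in seen:
        problems.append("HTTP/1.1 request without Host header")
    return problems

# Constructed sample inputs, not captured traffic.
SAMPLES = {
    "conformant": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "non-HTTP banner": b"SSH-2.0-OpenSSH_9.6\r\n\r\n",
    "bare LF in header": b"GET / HTTP/1.0\r\nX-A: b\nX-B: c\r\n\r\n",
    "repeated length": b"POST /f HTTP/1.1\r\nHost: a\r\nContent-Length: 5\r\n"
                       b"Content-Length: 9\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {check_request_head(raw) or 'pass'}")
```

A proxy that relays the last three samples unchanged is behaving as a generic TCP relay on that port, which is the gap the message describes.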