RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint fire wall]
From: Peter Bieringer (pb@bieringer.de)Date: 02/22/02
- Previous message: Tommaso Di Donato: "Re: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]"
- In reply to: Proescholdt, timo: "RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint fire wall]"
- Next in thread: Corey J. Steele: "RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint fire wall]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Feb 2002 19:23:07 +0100 From: Peter Bieringer <pb@bieringer.de> To: "Proescholdt, timo" <Timo.Proescholdt@brk-muenchen.de>, bugtraq@securityfocus.com
Hi,
sure this reply is also not posted on bugtraq :-(
but perhaps interesting for someone...
--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt,
timo" <Timo.Proescholdt@brk-muenchen.de> wrote:
>
>> It's not just Checkpoint Firewall that has a problem with HTTP
> CONNECT.>
>> From what I can tell default installations of the CacheFlow web
>> proxy software, some Squid installations, some Apache
>> installations with proxying enabled, and some other web proxy
>> installations I haven't identified allow anyone to use the HTTP
>> CONNECT method. This is being
>
> Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
> Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
> configuration
> switch to change this behaviour.
I have confirmed today also
Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182
and found two interesting points, too:
1) if used also for SMTP, a firewall cannot block CONNECT to port 25
anymore. Solution: split installation to different machines (TM
license allows this).
2) Looks like content transported over CONNECT isn't scanned anymore,
theremore malicous code can be transported.
See also
http://www.aerasec.de/security/index.html?lang=en&id=ae-200202-051
They published some hints how to test and had setup web servers on
port 444 and 44444 containing the eicar.com file for checks.
Peter Bieringer
- application/pgp-signature attachment: stored
- Previous message: Tommaso Di Donato: "Re: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]"
- In reply to: Proescholdt, timo: "RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint fire wall]"
- Next in thread: Corey J. Steele: "RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint fire wall]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
