Re: By passing surf control

From: Charles Hamby (fixer_at_gci.net)
Date: 02/26/04

  • Next message: Moonen, Ralph: "RE: LEAP" 
    Date: Wed, 25 Feb 2004 16:14:47 -0900
To: "McNutt, Jacob" <JMcNutt@universalaccess.net>

    Have you tried checking to see if IP address obfuscation works?

    In case anyone's not familair with this...

    Using http://www.amazon.com as an example. If I wanted to go there but
    it was blocked, I would find out what the IP address of www.amazon.com
    is (say using ping).

    In this case it happens to be 207.171.181.16. I would then convert each
    octet into hex individually. (207 is CF, 171 is AB, 181 is B5 and 16 is 10)
    Then I would put CFABB510 into my calculator (Windows calculator works
    just fine for this, by the way) and conver it to decimal again. I would
    come up with 3484136720
    I would open up my web browser and put in http://3484136720 and up comes
    Amazon.com.

    Charles Hamby

    McNutt, Jacob wrote:

    >SSH tunneling/port forwarding to a proxy might work if they have access to it. Also, we have a problem with AOL client browsers that can bypass Websense all together.
    >
    >-----Original Message-----
    >From: Kudakwashe Chafa-Govha [mailto:KChafa-Govha@bankunitedfla.com]
    >Sent: Wednesday, February 25, 2004 3:04 PM
    >To: pen-test@securityfocus.com
    >Subject: By passing surf control
    >
    >Hello Group,
    >
    >
    >Does anyone have any information on how to by pass a web content filter? We use Surf Control to monitor and filter web content. However, I have one of my users who was able to by pass this. We tried using a proxy to by pass just for testing purposes but it did not work. I am still trying to figure out what other method he used to do so. If anyone has any information , it will be greatly appreciated.
    >
    >Thanks
    >
    >Kuda
    >
    >**************************************************************************************************
    >The contents of this email and any attachments are confidential.
    >It is intended for the named recipient(s) only.
    >If you have received this email in error please notify the system manager or the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it.
    >**************************************************************************************************
    >
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >
    >
    >
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Moonen, Ralph: "RE: LEAP"

    Relevant Pages

    • RE: By passing surf control
      ... Have you tried checking to see if IP address obfuscation works? ... In case anyone's not familair with this... ... >Subject: By passing surf control ... >attachments are confidential. ...
      (Pen-Test)
    • Re: By passing surf control
      ... >Precedence: bulk ... >Have you tried checking to see if IP address obfuscation works? ... >In case anyone's not familair with this... ...
      (Pen-Test)