Vulnerability

    SurfControl

Affected

    SurfControl

Description

    Neil Desai found following.  You can bypass the software by using
    a proxy sever before your traffic is looked at by SurfControl
    Super Scout.  After talking with the people at SurfControl it has
    become apparent that you may bypass all of their software that is
    meant for Internet monitoring.

    They  only  look  at  packets  that  have the HTTP GET request and
    "Host:" information in it.   If you split up  the request so  that
    HTTP  GET  request  is  not  in  the  same  packet  as the "Host:"
    information then you will bypass the software.  You can easily  do
    this by using a  proxy server before you  get to the node  that is
    doing  the  Internet  monitoring.   If  you  have  Compaq  PC's or
    servers that are not patched you can proxy off the Insite  Manager
    software

        http://www.compaq.com/support/files/server/us/download/9609.html

    If  you  have  PERL  installed  you  can  use  RFProxy, HTTPush or
    Pudding.   These programs  were intended  for the  testing of  IDS
    evasion techniques  but work  wonders for  Internet monitoring and
    blocking evasion.

Solution

    People of  SurfControl say  they will  submit it  as a  bug in the
    software and try to get a fix out in the next couple of months.