|
Vulnerability SurfControl Affected SurfControl Description Neil Desai found following. You can bypass the software by using a proxy sever before your traffic is looked at by SurfControl Super Scout. After talking with the people at SurfControl it has become apparent that you may bypass all of their software that is meant for Internet monitoring. They only look at packets that have the HTTP GET request and "Host:" information in it. If you split up the request so that HTTP GET request is not in the same packet as the "Host:" information then you will bypass the software. You can easily do this by using a proxy server before you get to the node that is doing the Internet monitoring. If you have Compaq PC's or servers that are not patched you can proxy off the Insite Manager software http://www.compaq.com/support/files/server/us/download/9609.html If you have PERL installed you can use RFProxy, HTTPush or Pudding. These programs were intended for the testing of IDS evasion techniques but work wonders for Internet monitoring and blocking evasion. Solution People of SurfControl say they will submit it as a bug in the software and try to get a fix out in the next couple of months.