SurfControl Internet Monitoring/Blocking

From: ndesai01at_private
Date: Mon Jun 18 2001 - 16:49:34 PDT


    I have been working with the people of SurfControl for 
    a couple of weeks now and all they say is that they 
    will submit it as a bug in the software and try to get 
    a fix out in the next couple of months. So here goes….
    You can bypass the software by using a proxy server 
    before your traffic is looked at by SurfControl Super 
    Scout. After talking with the people at SurfControl it 
    has become apparent that you may bypass all of their 
    software that is meant for Internet monitoring. I have 
    not been able to test it though. They only look at 
    packets that have the HTTP GET request and "Host:" 
    information in it. If you split up the request so that 
    HTTP GET request is not in the same packet as 
    the "Host:" information then you will bypass the 
    software. 
    You can easily do this by using a proxy server before 
    you get to the node that is doing the Internet 
    monitoring. If you have Compaq PC's or servers that 
    are not patched you can proxy off the Insite Manager 
    software
    (http://www.compaq.com/support/files/server/us/download/9609.html).
    If you have PERL installed you can 
    use RFProxy, HTTPush or Pudding. These programs 
    were intended for the testing of IDS evasion 
    techniques but work wonders for Internet 
    monitoring/blocking evasion. 
    
    Neil
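
The inspection gap described in the message above, as an added example that is not part of the original post and is not SurfControl's code: a matcher that judges each packet on its own is compared with one that reassembles the TCP stream before matching. The host name `blocked.example`, the function names and the sample segments are all constructed for illustration, and the segments are assumed to arrive already ordered.

```python
# Added illustration: per-packet matching vs. matching on the reassembled stream.
import re

BLOCKED_HOSTS = {"blocked.example"}  # constructed policy entry
HOST_RE = re.compile(rb"^Host:[ \t]*([^\r\n:]+)", re.IGNORECASE | re.MULTILINE)


def host_if_blocked(data: bytes):
    """Return the blocked host named in an HTTP GET request, else None."""
    if not data.startswith(b"GET "):
        return None
    m = HOST_RE.search(data)
    if m is None:
        return None
    host = m.group(1).decode("ascii", "replace").strip().lower()
    return host if host in BLOCKED_HOSTS else None


def per_packet_filter(segments):
    """Model of the behaviour the post describes: each packet is judged alone,
    so a hit needs the GET line and the Host header in the same packet."""
    return [h for h in map(host_if_blocked, segments) if h]


def reassembling_filter(segments, max_header=8192):
    """Buffer one TCP stream until the header block ends, then match once."""
    buf = bytearray()
    hits = []
    for seg in segments:  # assumed already ordered by sequence number
        buf += seg
        while b"\r\n\r\n" in buf:
            head, _, rest = bytes(buf).partition(b"\r\n\r\n")
            hit = host_if_blocked(head + b"\r\n")
            if hit:
                hits.append(hit)
            buf = bytearray(rest)
        if len(buf) > max_header:  # fail closed on an oversized header block
            hits.append("<header too large>")
            buf.clear()
    return hits


# Constructed sample traffic: the same request in one segment and in two.
ONE_SEGMENT = [b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n"]
TWO_SEGMENTS = [b"GET / HTTP/1.1\r\n", b"Host: blocked.example\r\n\r\n"]

if __name__ == "__main__":
    for name, segs in (("one segment", ONE_SEGMENT), ("two segments", TWO_SEGMENTS)):
        print(name, per_packet_filter(segs), reassembling_filter(segs))
```

The per-packet model reports nothing for the two-segment case, while the reassembling matcher flags both, which is why filtering and IDS products match on the reconstructed stream rather than on individual packets.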
    


