Hi,

sure this reply is also not posted on bugtraq :-( but perhaps interesting for someone...

--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt, timo" <Timo.Proescholdt@brk-muenchen.de> wrote:

>> It's not just Checkpoint Firewall that has a problem with HTTP
>> CONNECT.
>>
>> From what I can tell default installations of the CacheFlow web
>> proxy software, some Squid installations, some Apache
>> installations with proxying enabled, and some other web proxy
>> installations I haven't identified allow anyone to use the HTTP
>> CONNECT method. This is being
>
> Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
> Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
> configuration switch to change this behaviour.

I have confirmed today also Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182 and found two interesting points, too:

1) if used also for SMTP, a firewall cannot block CONNECT to port 25 anymore.
   Solution: split installation to different machines (TM license allows this).

2) Looks like content transported over CONNECT isn't scanned anymore, therefore malicious code can be transported.

See also http://www.aerasec.de/security/index.html?lang=en&id=ae-200202-051

They published some hints how to test and had setup web servers on port 444 and 44444 containing the eicar.com file for checks.

Peter Bieringer
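
A defender-side check for the behaviour discussed in this thread, as an added example that is not part of the original post: it scans proxy access-log lines in Squid's native format for CONNECT requests to ports outside an allow-list and reports whether the proxy opened the tunnel. The allow-list (443, 563), the name `audit_connect` and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumption: only these CONNECT destination ports are legitimate (HTTPS, NNTPS).
ALLOWED_CONNECT_PORTS = {443, 563}

# Squid "native" access.log: time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)
# CONNECT targets are authority-form: host:port or [v6-literal]:port
TARGET_RE = re.compile(r"^(?P<host>\[[0-9A-Fa-f:.]+\]|[^:\[\]]+):(?P<port>\d{1,5})$")


def audit_connect(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Return findings for CONNECT requests to ports outside `allowed`."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"].upper() != "CONNECT":
            continue
        t = TARGET_RE.match(m["url"])
        if not t or not 0 < int(t["port"]) <= 65535:
            findings.append({"client": m["client"], "target": m["url"],
                             "port": None, "verdict": "malformed"})
            continue
        port = int(t["port"])
        if port in allowed:
            continue
        # 2xx means the proxy opened the tunnel; anything else means it refused.
        verdict = "tunnel-established" if m["status"].startswith("2") else "denied"
        findings.append({"client": m["client"], "target": m["url"],
                         "port": port, "verdict": verdict})
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
1014336001.101    812 192.0.2.10 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/198.51.100.7 -
1014336002.202    431 192.0.2.11 TCP_MISS/200 2048 CONNECT mail.example.net:25 - DIRECT/198.51.100.5 -
1014336003.303     12 192.0.2.12 TCP_DENIED/403 1301 CONNECT test.example.org:44444 - NONE/- text/html
1014336004.404    250 192.0.2.13 TCP_MISS/200 900 GET http://www.example.com/ - DIRECT/198.51.100.9 text/html
1014336005.505    640 192.0.2.14 TCP_MISS/200 4096 CONNECT [2001:db8::25]:444 - DIRECT/2001:db8::25 -
""".splitlines()

if __name__ == "__main__":
    for f in audit_connect(SAMPLE_LOG):
        print(f"{f['verdict']:18} {f['client']:12} -> {f['target']}")
```

A "tunnel-established" finding for port 25 corresponds to point 1) above; entries for other non-allowed ports mark traffic that, per point 2), passed the proxy without content scanning.
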
This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 18:24:14 PST