Re: proxying exploit attempts

From: James Young <[email protected]>
Date: Mon, 25 Jan 1999 11:10:30 -0600

I could have spoken more clearly in my posts.

First, I want to deal with proxy abuse by crackers.
Filtering out certain characters from requests would subtly break some
exploits. It would not block POST exploits (of which I know no
details), and it would not prevent all abuse of the proxy. It _could_
make it a little harder for crackers to attack successfully while hidden
by the proxy. It would not provide the equivalent to an ideal firewall
to the world, ensuring that everything requested is well-behaved.
Further, if I strictly adhere to an RFC, I _might_ break some site which
uses metacharacters in its CGI scripts (for example).
This is the only drawback I can think of. It is not a gigantic security
patch for the world, but it might help a little (or am I dreaming?).

Second, about Squid exploits: the BSDi 3.1 default configuration, and
the combination of Squid 1.2beta & Netscape 4.x expose, well, quirks
(see the Bugtraq archives). I have not heard of exploits that
specifically targeted Squid and succeeded, and a cursory search turned
up nothing new. Quite the opposite - Squid can keep you from
unknowingly revealing information via the Netscape "What's Related"
button, and from Javascript cache exploits.

Please respond. I cannot be the only person concerned with proxy abuse.
-james young
Received on Mon Jan 25 1999 - 10:14:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:08 MST