Hi,

sure this reply is also not posted on bugtraq :-( but perhaps interesting for someone...

--On Thursday, February 21, 2002 12:55:49 AM +0100 "Proescholdt, timo" <Timo.Proescholdt@brk-muenchen.de> wrote:

>
>> It's not just Checkpoint Firewall that has a problem with HTTP CONNECT.
>
>> From what I can tell default installations of the CacheFlow web
>> proxy software, some Squid installations, some Apache
>> installations with proxying enabled, and some other web proxy
>> installations I haven't identified allow anyone to use the HTTP
>> CONNECT method. This is being
>
> Finjan-SurfinGate/4.0 ( NT ) is "vulnerable" , Trend Micro Interscan
> Viruswall ( 3.51 ) ( NT ) as well. Both do not seem to have a
> configuration
> switch to change this behaviour.

I have confirmed today also Trend Micro Interscan Viruswall 3.6 / Linux / Build 1182 and found two interesting points, too:

1) if used also for SMTP, a firewall cannot block CONNECT to port 25 anymore. Solution: split installation to different machines (TM license allows this).

2) Looks like content transported over CONNECT isn't scanned anymore, therefore malicious code can be transported.

See also http://www.aerasec.de/security/index.html?lang=en&id=ae-200202-051

They published some hints on how to test and had set up web servers on port 444 and 44444 containing the eicar.com file for checks.

Peter Bieringer
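The two points above (CONNECT tunnels reaching port 25 past the firewall, and tunnelled content bypassing the virus scanner) are visible in the proxy's own access log, so an operator can at least detect them while waiting for a configuration switch. Below is an added example, not code from the post or from any of the products named: it parses log lines in Squid's native access-log layout (assumed here; the sample lines are constructed, using the test ports 444 and 44444 from the post) and reports every successfully established CONNECT tunnel to a port outside an allowlist.

```python
import re

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1014247200.123    412 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - DIRECT/192.0.2.10 -
1014247201.456     88 10.0.0.5 TCP_TUNNEL/200 2048 CONNECT mail.example.org:25 - DIRECT/192.0.2.25 -
1014247202.789     12 10.0.0.6 TCP_MISS/200 1024 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1014247203.012    150 10.0.0.7 TCP_TUNNEL/200 700 CONNECT 192.0.2.44:44444 - DIRECT/192.0.2.44 -
1014247204.345      9 10.0.0.7 TCP_DENIED/403 0 CONNECT 192.0.2.44:444 - NONE/- text/html
"""

# Ports a CONNECT tunnel is legitimately expected to reach (HTTPS only).
ALLOWED_CONNECT_PORTS = {443}

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def parse_connect_target(url):
    """Split the host:port target of a CONNECT request; port is None if absent."""
    host, sep, port = url.rpartition(":")
    if not sep or not port.isdigit():
        return url, None
    return host, int(port)


def find_open_tunnels(log_text, allowed_ports=ALLOWED_CONNECT_PORTS):
    """Return CONNECT tunnels the proxy actually opened (status 200) to a
    port not in allowed_ports. Denied requests are not reported, since the
    proxy already blocked them."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "CONNECT" or m["status"] != "200":
            continue
        host, port = parse_connect_target(m["url"])
        if port is None or port not in allowed_ports:
            findings.append({"client": m["client"], "host": host,
                             "port": port, "bytes": int(m["bytes"])})
    return findings


if __name__ == "__main__":
    for f in find_open_tunnels(SAMPLE_LOG):
        print(f"{f['client']} tunnelled {f['bytes']} bytes to {f['host']}:{f['port']}")
```

Feeding a real access log through find_open_tunnels shows which clients are already using the proxy to reach SMTP or other non-HTTPS ports.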