I love a challenge.

> proven it hasn't been compromised. If someone can prove
> they've broken through one OTHER than through the stupidity
> of someone configuring a rule wrong, I'd sure love to hear
> about it.

This wasn't a root level attack on the Sidewinder host, but an attack through it via the transparent HTTP application proxy. Basically, version 4.1 failed to actually do HTTP syntax checking, making the HTTP proxy a generic proxy in function. So all the HTTP protocol violation style attacks weren't blocked at all. Proved it using tools off packetstorm. Told SCC about it and proved it to them as well. Then they verified the problem and issued a patch some months later. Make sure those protection features are actually doing what they claim, folks.

http://www.networkcomputing.com/1106/1106f16.html?ls=NCJS_1106rt

mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
