Today's Topics:
1. Re: IPv6 support in firewalls (ArkanoiD)
2. Re: IPS Content filtering techniques (Skough Axel U/IT-S)
----------------------------------------------------------------------
Message: 1
Date: Tue, 28 Aug 2007 02:21:27 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] IPv6 support in firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20070827222127.GA10416@eltex.net>
Content-Type: text/plain; charset=us-ascii
Well, I do see quite often. The rules are simple:
1) use Windows Update
2) don't run attachments (well, Windows users' habit of running
attachments is just ridiculous - WHY do they?)
3) don't watch pr0n (even if you do 1 and 2 you can still get 0wned via
0-day exploit - but very unlikely if you do not watch pr0n ;-)
On Mon, Aug 27, 2007 at 04:50:37PM -0400, Paul D. Robertson wrote:
>
> Yes, and *anyone* who's done any sampling of home PCs recently will
> understand that. I can't remember the last time I saw a clean MS-based
> home system.
>
------------------------------
Message: 2
Date: Tue, 28 Aug 2007 08:15:30 +0200
From: "Skough Axel U/IT-S" <axel.skough@scb.se>
Subject: Re: [fw-wiz] IPS Content filtering techniques
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>, "Firewall Wizards Security
Mailing List" <firewall-wizards@listserv.cybertrust.com>
Cc: Panahi Behzad U/IT-S <behzad.panahi@scb.se>
Message-ID: <7D5607434F895540B2A717820399633D5B4DD2@exs13.scb.intra>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
It is because some systems send informative responses indicating redirects (permanent or temporary), HTTP code 301 or 302.
The ways these redirects are created vary strongly; sometimes a data buffer is given, but not always. The redirection directive is present in an HTTP header statement indicating the alternate location.
Some implementations omit declaring the data buffer content as none is present, thus the content is left unknown. A content-filtering firewall therefore doesn't allow an HTTP packet with unknown data to pass - this is correct - BUT should be able to allow HTTP packets with no data, i.e., Content-Length: 0. In this situation the Content-Type argument can be properly excluded as stated in the RFC 2616 and we cannot therefore encourage the opinion that there should be some error in such a packet from its vendor!
Best regards,
Axel
________________________________
From: firewall-wizards-bounces@listserv.icsalabs.com on behalf of ArkanoiD
Sent: Thu 2007-08-23 00:47
To: Firewall Wizards Security Mailing List
Cc: Panahi Behzad U/IT-S
Subject: Re: [fw-wiz] IPS Content filtering techniques
Well, what's the purpose of getting those null data through?
Why do you need it?
On Wed, Aug 15, 2007 at 03:35:24PM +0200, Skough Axel U/IT-S wrote:
>
> Does really nobody know anything about a Web proxy product filtering on MIME Content-Type setting and capable of omitting this check when the MIME Content-Length setting in force appears to be zero? The RFC 2616 states that the Content-Type header statement can be omitted in this situation and, indeed, it has no meaning as the data section is declared to be of length zero.
>
> Otherwise the data section should of course in general be assumed to be of type "application/octet-stream" but when no data section is present it is obviously no problem in bypassing the Content-Type check! Thus, there are no data to prevent entering for in this situation, but the packet in force may have other meanings such as redirect etc.
>
> I would appreciate any comments in this matter!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
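The rule discussed in this thread (check Content-Type only when a body can be present, and pass a response declared as Content-Length: 0 without one), sketched as an added example that is not part of the original messages or of any proxy product. The allowlist, function names and sample responses are constructed assumptions.

```python
# Added example: allowlist, names and sample responses are constructed assumptions.
ALLOWED_TYPES = {"text/html", "text/plain", "image/png"}  # hypothetical site policy
BODYLESS_STATUS = {204, 304}  # RFC 2616 section 4.3: never carry a message body

def parse_response_head(raw: bytes):
    """Return (status, headers); headers maps lowercase name -> list of values."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def declared_empty(status, headers):
    """True only when the response provably has no entity body."""
    if 100 <= status < 200 or status in BODYLESS_STATUS:
        return True
    if "transfer-encoding" in headers:
        return False  # body length is set by the encoding, not Content-Length
    lengths = set(headers.get("content-length", []))
    return lengths == {"0"}  # a missing or conflicting length is not "empty"

def filter_decision(raw: bytes):
    """Return "allow" or "block" for one raw HTTP response."""
    status, headers = parse_response_head(raw)
    if declared_empty(status, headers):
        return "allow"  # nothing to inspect; a redirect's Location header passes
    ctypes = headers.get("content-type", [])
    if len(ctypes) != 1:
        return "block"  # a body of unknown or ambiguous type
    media_type = ctypes[0].split(";", 1)[0].strip().lower()
    return "allow" if media_type in ALLOWED_TYPES else "block"

# Constructed sample responses (not captured traffic).
REDIRECT_EMPTY = b"HTTP/1.1 302 Found\r\nLocation: http://example.com/new\r\nContent-Length: 0\r\n\r\n"
REDIRECT_UNDECLARED = b"HTTP/1.1 302 Found\r\nLocation: http://example.com/new\r\n\r\n<html>moved</html>"
CONFLICTING_LENGTH = b"HTTP/1.1 302 Found\r\nContent-Length: 0\r\nContent-Length: 120\r\n\r\n"
HTML_PAGE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 5\r\n\r\nhello"

if __name__ == "__main__":
    for name in ("REDIRECT_EMPTY", "REDIRECT_UNDECLARED", "CONFLICTING_LENGTH", "HTML_PAGE"):
        print(name, filter_decision(globals()[name]))
```

A proxy applying this decision also has to enforce the declaration, forwarding no body bytes after a Content-Length: 0 header, so the exemption cannot carry uninspected data.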
------------------------------
End of firewall-wizards Digest, Vol 16, Issue 18
************************************************