Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   SurfControl Vendors:   SurfControl
SurfControl for Microsoft Proxy Server May Fail to Block Sites
SecurityTracker Alert ID:  1001139
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 22 2001
Impact:   Host/resource access via network
Exploit Included:  Yes  
Version(s): SurfControl for MS Proxy Server
Description:   A web surfer can bypass the site blocking feature of SurfControl for Microsoft Proxy Server in certain cases.

It is reported that, if a web surfer uses the octal representation of an IP address, the SurfControl may fail to block a site that it is otherwise configured to block.

To avoid the SurfControl restrictions, the user must use an octal representation of the IP address, followed by a series of leading zeros, such as: 00000000yyy.0000000yyy.00000000yyy.0000000yyy, where "yyy" is the octal number.

Impact:   A web surfer can bypass the site blocking feature of SurfControl for Microsoft Proxy Server in certain cases and view content that should otherwise be blocked.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents

Subject:  SurfControl Bypass Vulnerability

It appears that there is yet another way to bypass the site blocking feature
of SurfControl for MS Proxy.

Our configuration:

We have set up our rules to deny access to anyone attempting to reach sites
classified as Adult/Sexually Explicit, Hacking, etc.
That would mean that anyone trying to reach would
normally be denied access to the site.

The workaround:

1.  First, do an nslookup on to get the IP address of
the site --
2.  Next, convert each octet to an octal number using the windows calculator
-- yyy.yyy.yyy.yyy
3.  Insert eight (8) leading zeros in the first and third octets and seven
(7) leading zeros in the second and fourth octets --
4.  Type the modified octets into your browser's address bar and, viola!,
your are successfully bypassing the SurfControl filter.

I have contacted SurfControl about this but have had no response.

If anyone has any suggestions for correcting this vulnerability, please let
me know.

Franklin Witter
Network Security Specialist II
fax:  252-246-3463


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC