I found a little weakness in SonicWall: I turn on the blocking
mechanism for websites (e.g. www.google.com). Now I can't reach
the website using the domainname. But if I choose the IP address of the
host (e.g. http://216.239.53.101/), I can contact the forbidden
website. The same issue I've discovered for NetGear FM114P in
http://online.securityfocus.com/bid/5667
It would make sense if you can do an internal nslookup. Otherwise the
user can do a workaround and adding always the ip address(es) of the
blocked websites. But this can cause some problems if there were some
virtual hostings. A smart attacker can use some dottless-ips to bypass
the new workaround IP filter. The box will sadly loose performance
because of the additional filter line(s).
My description was sent on 02/10/15 to info (at) sonicwall (dot) com [email concealed] - No response
came back. The blocking URL message style and problem reminds my the
website blocking mechanism by NetGears FM114P. It could be that both
use the same mechanism (by a 3rd party?). So, if the bug is fixed for
one box the other will also be fixed - I think so.
Bye, Marc
--
Computer, Technik und Security
http://www.computec.ch
I found a little weakness in SonicWall: I turn on the blocking
mechanism for websites (e.g. www.google.com). Now I can't reach
the website using the domainname. But if I choose the IP address of the
host (e.g. http://216.239.53.101/), I can contact the forbidden
website. The same issue I've discovered for NetGear FM114P in
http://online.securityfocus.com/bid/5667
It would make sense if you can do an internal nslookup. Otherwise the
user can do a workaround and adding always the ip address(es) of the
blocked websites. But this can cause some problems if there were some
virtual hostings. A smart attacker can use some dottless-ips to bypass
the new workaround IP filter. The box will sadly loose performance
because of the additional filter line(s).
My description was sent on 02/10/15 to info (at) sonicwall (dot) com [email concealed] - No response
came back. The blocking URL message style and problem reminds my the
website blocking mechanism by NetGears FM114P. It could be that both
use the same mechanism (by a 3rd party?). So, if the bug is fixed for
one box the other will also be fixed - I think so.
Bye, Marc
--
Computer, Technik und Security
http://www.computec.ch
[ reply ]