Gianni, Matt and I spent a little time poking around at the Websense WISP protocol to see how likely it would be to get Squid working with it. We observed a Cisco PIX communicating with a Websense service running Linux. It seems pretty easy (which was strange as we’ve heard to the contrary from Websense themselves). Gianni has knocked up a tool that can query a Websense server with a URL to see if it is blocked. If we need it we’ll build a Squid redirector. (See http://www.scaramanga.co.uk)
New patch for IPX support on Firestorm. Fixes a few lame bugs and possible remote DoSs Gianni pointed out to me. Also improved the SAP support a little.
Comments
Hi John
I am trying to roll my own Websense server to hook up to a Sonicwall router and have managed to get part of the program working so that I can send my own HTTP block message back to the firewall using a UDP service.
Trouble is that 10% of HTTP incoming messages have an extra Int32 in the packets, and I think all HTTPS packets contain the extra segment in the packet, and I don’t know how to reply to these types of requests because I don’t know the structure.
I would download Websense (bloatware) and sniff the packets but I cannot get a copy of the program, so maybe you can help me out here please.
Been a long time since I went to Bradford but a night on the town was real cheap the last time I visited.
I have still not managed to sort the structure out because I have no data to sniff, but this “Websense” and my Dell Sonic firewall is a big mistake.
Without paying Dell a fortune for a licence the TZ Sonicwall has more things turned off than are working, but what I am not happy about is the leakage of data from the Sonicwall when using Websense.
Now anyone with half a brain would think that the router would not send out a request to the internet until it has been allowed by the Websense with an allow/block reply, but that’s not the case, and the HTTP/S is still sent out across the internet and is only dropped by Dell’s Sonicwall router on return if the Websense server blocks the URL.
It’s no good asking Google for its cookies back, and Dell, you can have your firewall back if you don’t fix this security issue.
Dave