Websense WISP and IPX updates

Gianni, Matt and I spent a little time poking around at the Websense WISP protocol to see how likely it would be to get Squid working with it. We observed a Cisco PIX communicating with a Websense service running Linux. It seems pretty easy (which was strange as we’ve heard to the contrary from Websense themselves). Gianni has knocked up a tool that can query a Websense server with a URL to see if it is blocked. If we need it we’ll build a Squid redirector. (See http://www.scaramanga.co.uk)

New patch for IPX support on Firestorm. Fixes a few lame bugs and possible remote DoSs Gianni pointed out to me. Also improved the SAP support a little.

Comments

Dave says:

Hi John

I am trying to roll my own Websense server to hook up to a Sonicwall router and have managed to get part of the program working so that I can send my own HTTP block message back to the firewall using a UDP service.

Trouble is that 10% of HTTP incoming messages have an extra Int32 in the packets, and I think all HTTPS packets contain the extra segment in the packet, and I don’t know how to reply to these types of requests because I don’t know the structure.

I would download Websense (bloatware) and sniff the packets, but I cannot get a copy of the program, so maybe you can help me out here please.

Been a long time since I went to Bradford, but a night on the town was real cheap the last time I visited.

Dave again says:

I have still not managed to sort the structure out because I have no data to sniff, but this “Websense” and my Dell Sonic firewall is a big mistake.

Without paying Dell a fortune for a licence, the TZ Sonicwall has more things turned off than are working, but what I am not happy about is the leakage of data from the Sonicwall when using Websense.

Now anyone with half a brain would think that the router would not send out a request to the internet until it has been allowed by the Websense with an allow/block reply, but that’s not the case, and the HTTP/S is still sent out across the internet and is only dropped by Dell’s Sonicwall router on return if the Websense server blocks the URL.

It’s no good asking Google for its cookies back, and Dell, you can have your firewall back if you don’t fix this security issue.

Dave
