[ale] Unintended consequences
Chris Fowler
cfowler at outpostsentinel.com
Thu Sep 24 10:44:24 EDT 2015
Ran into an issue yesterday that is interesting.
I use a Zimbra provider. Yesterday I lost connection to the provider from home. I could ping from other networks. To solve, I added a host-based route from my desktop to the other networks using VPN. Worked for a while then stopped. I assumed a routing problem at their colo, but they told me I was triggering CVE-2014-6271 in their IPS firewall. How is that even possible?
My provider told me their IPS was triggering on '() {'. Wow.
1. I had forgotten to use https instead of http when using the Zimbra mail web interface.
2. Last night and today I was discussing some JavaScript code for ServiceNow with a customer.
3. This problem occurred when my email was saved in 'Drafts' as I was typing.
4. Since this was JS there was '() {' syntax!
Wow.
They removed the block, I switched to https, and the problem is gone.
This seemed like a sporadic routing issue because it would come and go. I imagine the IPS firewall would block for a while. When I routed that IP over a VPN the problem would follow the route!
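The false positive described in the post, as an added example that is not part of the original message or the provider's actual IPS rule: a signature matching '() {' anywhere in plaintext HTTP fires on a JavaScript draft body, while one anchored to the start of a header value does not. The request path, host names, sample requests and both regexes are constructed assumptions.

```python
import re

# Naive signature: '() {' anywhere in the plaintext request (assumed rule shape).
NAIVE = re.compile(rb"\(\)\s*\{")
# Tighter signature (assumption): a header *value* that begins with '() {'.
# CVE-2014-6271 is triggered by an environment variable whose value starts with
# a function definition, and CGI maps request headers to environment variables.
HEADER_VALUE = re.compile(rb"^\(\)\s*\{")


def split_request(raw: bytes):
    """Split a raw HTTP/1.x request into ([(name, value), ...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers, body


def naive_match(raw: bytes) -> bool:
    """True if '() {' appears anywhere, including the message body."""
    return NAIVE.search(raw) is not None


def header_match(raw: bytes) -> bool:
    """True only if some header value starts with '() {'."""
    headers, _ = split_request(raw)
    return any(HEADER_VALUE.match(value) for _, value in headers)


# Constructed sample: webmail auto-saving a draft that quotes JavaScript.
DRAFT_SAVE = (
    b"POST /webmail/save-draft HTTP/1.1\r\n"
    b"Host: mail.example.test\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"Try this: function onSubmit() { return true; }"
)
# Constructed sample: a header value shaped like the pattern the rule targets.
HEADER_SAMPLE = (
    b"GET /cgi-bin/status HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"User-Agent: () { constructed-sample\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("draft", DRAFT_SAVE), ("header", HEADER_SAMPLE)):
        print(label, "naive:", naive_match(req), "header-anchored:", header_match(req))
```

The header-anchored rule deliberately ignores the request line and body, so it trades some coverage for fewer false positives on ordinary content.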