Um,
I would have thought that it is incredibly difficult to block "tunneled" HTTP
stuff with an application level proxy unless it's carelessly done. Am I
mistaken? Surely between all the different MIME types and PUT there are
plenty of ways to send and receive arbitrary data streams. I mean maybe if
you limited outgoing commands to GET you could slow them down, but it would
seem to be hard to stop them...
Are you suggesting that there is a "good" application level proxy out there?
Personally I've been telling my customers that if they're allowing HTTP into
the network then a Trojan or an internal attacker with some smarts can do
pretty much anything they want. Then again I've never thought about writing
an HTTP proxy and I don't know the spec too well, so I could be mistaken. In
fact, _please_ tell me I'm mistaken.
Cheers,
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct: +61 8 8422 8319 Mobile: +61 414 411 520
Inside-to-outside attack
techniques involving trojans using outbound http sessions to communicate
are still almost impossible to stop unless you are looking for them.
Forcing people to use application layer proxies for http blocks these
nicely, used in conjunction with outbound traffic filtering and
deny-all allow-some router ACLs you should be able to stop almost
anything