Uhm. We are all aware of the potential damage that a http-transport
(or ftp?) trojan could cause.
I fail however to see how proxies would block them.
If your trojan of choice starts poking around in your
browser configuration (there are really only two of 'em, right?)
it can easily find out what proxy address to use.
>From that point, it could easily post command output with
normal POST methods, and retreive new commands via GET.
It could all be formatted to look just like HTML, ofcourse.
Ick :-)
H D Moore wrote:
>
> [Snip]
> Inside-to-outside attack
> techniques invloving trojans using outbound http sessions to communicate
> are still almost impossible to stop unless you are looking for them.
> Forcing people to use application layer proxies for http blocks these
> nicely, used in conjunction with outbound traffic filtering and a
> deny-all allow-some router ACL's you should be able to stop almost
> anything. In the end the component that poses the most risk is the one
> between the chair and the monitor ;)
>
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
